Windows Analysis Report
mdPov8VTwi.exe

Overview

General Information

Sample name: mdPov8VTwi.exe (renamed because the original name is a hash value)
Original sample name: 1993ad089d3aac67b807530545d56ec3.exe
Analysis ID: 1575753
MD5: 1993ad089d3aac67b807530545d56ec3
SHA1: d0915d407850675757b009f5f3e638278421840c
SHA256: a28740f6aff30052e217cb6960de51b5697248ed6902340ad275c0d4e832c763
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connections (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • mdPov8VTwi.exe (PID: 1276 cmdline: "C:\Users\user\Desktop\mdPov8VTwi.exe" MD5: 1993AD089D3AAC67B807530545D56EC3)
    • taskkill.exe (PID: 4708 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6536 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1264 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6556 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5808 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 5616 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6672 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 1776 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6552 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2112 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67fa72eb-d6a8-4f63-9d27-8513cda68da4} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17bfd66e510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7820 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -parentBuildID 20230927232528 -prefsHandle 2756 -prefMapHandle 2944 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {026b4b50-dad8-481f-9093-ead650aec1a6} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17b8d7d5310 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7304 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3528 -prefMapHandle 3392 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b0900ff-a6a0-42cf-ac74-8f9e3697825c} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17bfd66df10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: Process Memory Space: mdPov8VTwi.exe PID: 1276
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: mdPov8VTwi.exe | Avira: detected
    Source: mdPov8VTwi.exe | ReversingLabs: Detection: 36%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.5% probability
    Source: mdPov8VTwi.exe | Joe Sandbox ML: detected
    Source: mdPov8VTwi.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0052C2A2 FindFirstFileExW
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005668EE FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00569642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00569B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00565C97 FindFirstFileW,FindNextFileW,FindClose
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 204MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 151.101.65.91
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056CE44 InternetReadFile,SetEvent,GetLastError,SetEvent
    Source: global traffic | HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2280767408.0000017B99D35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2280616105.0000017B99D5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2285321111.0000017B99D5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2282154415.0000017B997A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282154415.0000017B997A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B97475000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304235141.0000017B97475000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317712925.0000017B97475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2280616105.0000017B99D5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280616105.0000017B99D5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2285321111.0000017B99D5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2282154415.0000017B997A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282154415.0000017B997A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2234493064.0000017B90B59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2234493064.0000017B90B59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2234493064.0000017B90B59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.twitter.com (Twitter)
Source: firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2280767408.0000017B99D4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302742746.0000017B99D4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2228831317.0000017B97475000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304235141.0000017B97475000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2280616105.0000017B99D5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280616105.0000017B99D5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337229752.0000017B95CE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2304032090.0000017B974B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320084736.0000017B8E5C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333486378.0000017B974B5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: youtube.com
Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: example.org
Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
Source: global traffic | DNS traffic detected: DNS query: twitter.com
Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
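Triage note on the rows above, with an added helper script (this is not part of the Joe Sandbox report and not Joe Security tooling). Every "String found in binary or memory" source in this section is firefox.exe or a file it dropped (the ".14.dr" suffix refers to process 14, firefox.exe), and the DNS list is made up of Mozilla service hosts (mozgcp.net, services.mozilla.com, detectportal.firefox.com, getpocket.com), the connectivity names example.org and ipv4only.arpa, and the Firefox default top sites that the first rows of this section show sitting in firefox.exe memory (youtube, facebook, wikipedia, reddit, amazon, twitter) together with their CDN targets. An analyst reading this report therefore wants the browser's own start-up traffic filtered out before deciding what, if anything, the sample itself contacted; the one string below that deserves a second look on its own is the Google sign-in URL (https://accounts.google.com/v3/signin/challenge/pwd) found in firefox.exe memory. The script parses both row types as they appear here (the fused "global trafficDNS traffic detected" extraction form and a column-separated form), de-duplicates the queried domains, and sorts them into buckets. The suffix lists are my assumptions, maintained by the analyst, not a Joe Sandbox allowlist, and the sample input is a constructed subset of the rows on this page.

```python
"""Triage helper for the networking rows of a Joe Sandbox report (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the report rows above, copied verbatim, with
# one duplicate (youtube.com) to exercise de-duplication. Both the fused
# extraction form ("global trafficDNS traffic detected") and a column-separated
# form ("global traffic | DNS traffic detected") are accepted.
SAMPLE_REPORT = """\
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: youtube.com
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: twitter.com
Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
Source: global trafficDNS traffic detected: DNS query: youtube.com
Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.2230385283.0000017B956B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
"""

# Assumed, analyst-maintained suffix lists (not taken from the report).
MOZILLA_INFRA = ("mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net",
                 "firefox.com", "getpocket.com")
# Firefox default new-tab top sites; the report shows this list in firefox.exe memory.
FIREFOX_TOP_SITES = ("youtube.com", "facebook.com", "wikipedia.org",
                     "reddit.com", "amazon.com", "twitter.com")
# Names Firefox resolves for connectivity / NAT64 detection (assumption).
CONNECTIVITY_PROBES = ("example.org", "ipv4only.arpa")

DNS_QUERY_RE = re.compile(r"DNS query:\s*([A-Za-z0-9.-]+)")
STRING_MARKER = "String found in binary or memory:"
DUMP_ID_RE = re.compile(r"^[0-9A-Fa-f]{8}\.")   # memory dump ids start with a PID


def _under(domain, suffixes):
    """True if domain equals one of the suffixes or is a subdomain of one."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify_dns_queries(report_text):
    """Return {bucket: [domain, ...]} in first-seen order, without duplicates."""
    buckets = defaultdict(list)
    seen = set()
    for line in report_text.splitlines():
        m = DNS_QUERY_RE.search(line)
        if not m:
            continue
        domain = m.group(1).lower().rstrip(".")
        if domain in seen:
            continue
        seen.add(domain)
        if _under(domain, MOZILLA_INFRA):
            buckets["mozilla_infra"].append(domain)
        elif _under(domain, FIREFOX_TOP_SITES):
            buckets["firefox_top_sites"].append(domain)
        elif _under(domain, CONNECTIVITY_PROBES):
            buckets["connectivity_probe"].append(domain)
        else:
            # CNAME targets and CDNs land here: suffix lists only know apex
            # names, so the analyst still resolves these by hand.
            buckets["unexplained"].append(domain)
    return dict(buckets)


def strings_by_process(report_text):
    """Map each source process or dropped file to the URLs found in its memory."""
    found = defaultdict(set)
    for line in report_text.splitlines():
        if STRING_MARKER not in line:
            continue
        sources, value = line.split(STRING_MARKER, 1)
        sources = sources.split("Source:", 1)[-1]
        for token in sources.split(","):
            token = token.strip().rstrip("| ").strip()
            if not token or DUMP_ID_RE.match(token):
                continue          # skip "<pid>.<...>.sdmp" dump identifiers
            found[token].add(value.strip())
    return {proc: sorted(urls) for proc, urls in found.items()}


if __name__ == "__main__":
    for bucket, domains in classify_dns_queries(SAMPLE_REPORT).items():
        print(f"{bucket}: {', '.join(domains)}")
    for proc, urls in strings_by_process(SAMPLE_REPORT).items():
        print(f"{proc}: {len(urls)} URL(s)")
```

On this report's rows the "unexplained" bucket holds only the CDN names behind the top sites (youtube-ui.l.google.com, dyna.wikimedia.org, reddit.map.fastly.net), which is the expected shape when the browser, not the sample, generated the traffic; a domain that stays unexplained after those are accounted for is the one to pivot on.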
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 0000000E.00000003.2307492220.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323674433.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230051606.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000000E.00000003.2307492220.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323674433.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230051606.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000000E.00000003.2307492220.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323674433.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230051606.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000000E.00000003.2307492220.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323674433.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230051606.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225827437.0000017B8D38C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 0000000E.00000003.2131012408.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129551703.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133350242.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301883817.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295712346.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132795728.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225827437.0000017B8D38C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225827437.0000017B8D38C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 0000000E.00000003.2282154415.0000017B997A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288249966.0000017B974C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2325403864.0000017B9548E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228831317.0000017B974B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000000E.00000003.2232837197.0000017B90EC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000000E.00000003.2305216204.0000017B97026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000000E.00000003.2303383008.0000017B975D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000E.00000003.2308833311.0000017B9548E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2291030601.0000017B9548E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.comP
Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 0000000E.00000003.2329549695.0000017BFF65F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000000E.00000003.2329549695.0000017BFF65F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000000E.00000003.2335450646.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000000E.00000003.2335450646.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000000E.00000003.2335450646.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000000E.00000003.2265010018.0000017B973ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335450646.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000000E.00000003.2172836739.0000017B973E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174215960.0000017B95698000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169896815.0000017B973DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268727552.0000017B8EC82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269069983.0000017B8CDF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233921761.0000017B90BAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2300553473.0000017B971B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137206988.0000017B8DCEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231740213.0000017B955EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137821960.0000017B8D0F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261100101.0000017B8CD50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163614116.0000017B95EC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263204744.0000017B8ECB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2315874853.0000017B8EC49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233829567.0000017B90BD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233921761.0000017B90BB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179087506.0000017B8ECB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174215960.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290293361.0000017B955EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293657833.0000017B8EB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2137709635.0000017B8DC95000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225827437.0000017B8D38C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000E.00000003.2131012408.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129551703.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133350242.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301883817.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295712346.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132795728.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000000E.00000003.2174215960.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230770325.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000000E.00000003.2174215960.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230770325.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000E.00000003.2131012408.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129551703.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133350242.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301883817.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295712346.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132795728.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2131012408.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129551703.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133350242.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301883817.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295712346.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132795728.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000000E.00000003.2329687904.0000017B97B48000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 0000000E.00000003.2307492220.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323674433.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230051606.0000017B95BB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000000E.00000003.2242545837.0000017B8FD51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242356932.0000017B8FD96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174791442.0000017B8FA88000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000000E.00000003.2242545837.0000017B8FD51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulNv
Source: firefox.exe, 0000000E.00000003.2242356932.0000017B8FD96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: mozilla-temp-41.14.dr | String found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000E.00000003.2174215960.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230770325.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000E.00000003.2174215960.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230770325.0000017B9569F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000000E.00000003.2305803225.0000017B96F87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000E.00000003.2290109694.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000E.00000003.2174770171.0000017B90C9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310366275.0000017B90C9A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000000E.00000003.2320084736.0000017B8E5E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000E.00000003.2231740213.0000017B955DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9587B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323801145.0000017B9587B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000000E.00000003.2230385283.0000017B956B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234493064.0000017B90B59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2187972408.0000017B8DFBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2188154039.0000017B8DFAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184583004.0000017B8DFC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2181831606.0000017B8DFAC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000E.00000003.2327221709.0000017B8F2AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242687931.0000017B8F2AF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000E.00000003.2288022746.0000017B974EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320084736.0000017B8E5C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228831317.0000017B974EE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2231174345.0000017B95659000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2289439937.0000017B97236000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2304032090.0000017B974B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323801145.0000017B95848000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B95848000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333486378.0000017B974B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288418353.0000017B974B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228831317.0000017B974B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
    Source: firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
    Source: firefox.exe, 0000000E.00000003.2333371295.0000017B97517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179651192.0000017B98B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179651192.0000017B98B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178173123.0000017B8EC97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179087506.0000017B8EC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179087506.0000017B8EC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179651192.0000017B98B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2176644533.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290293361.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231740213.0000017B955E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000E.00000003.2176644533.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290293361.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231740213.0000017B955E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000E.00000003.2176644533.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290293361.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231740213.0000017B955E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000E.00000003.2176644533.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290293361.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231740213.0000017B955E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179651192.0000017B98B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2293150812.0000017B8EC0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179651192.0000017B98B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179087506.0000017B8EC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179087506.0000017B8EC9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2130741547.0000017B8D700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131866236.0000017B8D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132021130.0000017B8D151000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132300719.0000017B8D184000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2337229752.0000017B95CD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000E.00000003.2306321400.0000017B96E42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2257555856.0000017B95750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2286557367.0000017B99C29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281880486.0000017B99C29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2227839399.0000017B99C29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2334840167.0000017B96FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176232315.0000017B96FDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.2305284560.0000017B96FE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176232315.0000017B96FE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000E.00000003.2334840167.0000017B96FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176232315.0000017B96FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
    Source: firefox.exe, 0000000E.00000003.2305284560.0000017B96FE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176232315.0000017B96FE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.2300553473.0000017B971B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169525066.0000017B971B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.2257555856.0000017B95750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.2257555856.0000017B95750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.2257555856.0000017B95750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2261411124.0000017B95EEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163396510.0000017B95EEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2130741547.0000017B8D700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131866236.0000017B8D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132021130.0000017B8D151000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290002657.0000017B970C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132300719.0000017B8D184000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2290109694.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.2131012408.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129551703.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133350242.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301883817.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295712346.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132795728.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2334840167.0000017B96FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176232315.0000017B96FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
    Source: firefox.exe, 0000000E.00000003.2290448844.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308592967.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232017408.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2173212294.0000017B8EC4E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162053375.0000017B97129000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2287149553.0000017B97598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2229654807.0000017B9722F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2318706745.0000017B97034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287390337.0000017B97558000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228447528.0000017B9751E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000E.00000003.2290448844.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308592967.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232017408.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308592967.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232017408.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C8C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000E.00000003.2290448844.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308592967.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232017408.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C8C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000E.00000003.2176232315.0000017B96FF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2334758434.0000017B97015000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305216204.0000017B9702C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2290109694.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 00000012.00000002.3929689004.000001F57C8F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.2329687904.0000017B97B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320084736.0000017B8E5C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.2327962182.0000017BFFFB2000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288418353.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304032090.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333486378.0000017B974A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2228048292.0000017B975F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2230385283.0000017B956C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174215960.0000017B956C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2303305687.0000017B975F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280329601.0000017B99D77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.2248888314.0000017B901BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2312266485.0000017B90086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235162345.0000017B90086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000E.00000003.2182851444.0000017B8EDF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/update-firefox-latest-release
    Source: places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
    Source: firefox.exe, 0000000E.00000003.2257555856.0000017B95750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B974B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B974CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288169122.0000017B974DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317422579.0000017B974E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2290448844.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308592967.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232017408.0000017B95578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231281814.0000017B9563F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000E.00000003.2257555856.0000017B95750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
    Source: firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304641141.0000017B97258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
    Source: firefox.exe, 0000000E.00000003.2225792088.0000017B8D385000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225827437.0000017B8D38C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2307565885.0000017B9587B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B95868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B95868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.2156649940.0000017B95988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2130741547.0000017B8D700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131866236.0000017B8D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132021130.0000017B8D151000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132300719.0000017B8D184000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2261411124.0000017B95EEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163396510.0000017B95EEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2130741547.0000017B8D700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131866236.0000017B8D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132021130.0000017B8D151000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132300719.0000017B8D184000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.2290109694.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2163836206.0000017B973DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2172836739.0000017B973DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000E.00000003.2163836206.0000017B973DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2172836739.0000017B973DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.2175607577.0000017B9755D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mobilesuica.com/
    Source: firefox.exe, 0000000E.00000003.2305803225.0000017B96F70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335450646.0000017B96F8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305012023.0000017B97034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318706745.0000017B97034000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305216204.0000017B97026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176498261.0000017B96F97000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
    Source: firefox.exe, 0000000E.00000003.2173212294.0000017B8EC4E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2162053375.0000017B97129000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333849900.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288418353.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304032090.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333486378.0000017B974A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2320545353.0000017B8E433000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2336371969.0000017B96EC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288418353.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304032090.0000017B9748D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333486378.0000017B974A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000E.00000003.2336371969.0000017B96EC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
    Source: firefox.exe, 0000000E.00000003.2329549695.0000017BFF65F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C8F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 00000012.00000002.3929689004.000001F57C8F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/Z
    Source: firefox.exe, 0000000E.00000003.2336371969.0000017B96EC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2336141450.0000017B96F1C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.dr | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2174770171.0000017B90C9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310366275.0000017B90C9A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000E.00000003.2231281814.0000017B9563F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.2321612524.0000017BFF7CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.openh264.org/
    Source: firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.2228831317.0000017B974CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288169122.0000017B974DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317422579.0000017B974E1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 0000000E.00000003.2280767408.0000017B99D2A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2231281814.0000017B9563F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000E.00000003.2323801145.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307565885.0000017B9582D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningWindow_Cc_ontrollersWarningwindow.controllers/Controllers
    Source: firefox.exe, 0000000E.00000003.2242258829.0000017B8FDA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2288249966.0000017B974CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317463476.0000017B974CF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com
    Source: recovery.jsonlz4.tmp.14.dr | String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000010.00000002.3928595952.0000018872540000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.co
    Source: firefox.exe, 00000012.00000002.3928651402.000001F57C580000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.co$)
    Source: firefox.exe, 00000011.00000002.3927675126.0000025095CE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.co$1
    Source: firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3928025109.00000188723E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3928595952.0000018872544000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3928025109.00000188723EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3927675126.0000025095CE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3927991281.0000025095CF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3927991281.0000025095CFA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3928651402.000001F57C584000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3927911324.000001F57C40A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000012.00000002.3927911324.000001F57C400000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd#
    Source: firefox.exe, 0000000C.00000002.2110377631.000001FCF70C7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2121832934.0000013BCCF30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000012.00000002.3927911324.000001F57C40A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd7
    Source: firefox.exe, 00000010.00000002.3928025109.00000188723E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3928595952.0000018872544000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3927675126.0000025095CE4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3927991281.0000025095CF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3928651402.000001F57C584000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3927911324.000001F57C400000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49871 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50024
    Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49943 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknown | Network traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 50024 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49871
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49870
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknown | Network traffic detected: HTTP traffic on port 49870 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49943
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49714 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49717 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49725 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49735 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49736 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49790 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49789 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.5:49792 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49800 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49801 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49799 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49802 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49870 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49871 version: TLS 1.2
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00589576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: mdPov8VTwi.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: mdPov8VTwi.exe, 00000000.00000000.2067641787.00000000005B2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_b3324624-a
    Source: mdPov8VTwi.exe, 00000000.00000000.2067641787.00000000005B2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_f148351d-6
    Source: mdPov8VTwi.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_6a4350a1-9
    Source: mdPov8VTwi.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_dd980530-b
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_00000250965228F7 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000025096658C72 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055D5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00551201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004FBF40
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00562046
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F8060
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00558298
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0052E4FF
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0052676B
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00584873
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0051CAA0
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0050CC39
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00526DD9
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0050B119
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F91C0
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00511394
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00511706
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0051781B
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0050997D
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F7920
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005119B0
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00517A4A
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00511C77
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00543CD2
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00517CA7
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0057BE44
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00529EEE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00511F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_00000250965228F7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000025096658C72
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000025096658CB2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002509665939C
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: String function: 0050F9F2 appears 40 times
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: String function: 00510A30 appears 46 times
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: String function: 004F9CB3 appears 31 times
    Source: mdPov8VTwi.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/37@71/12
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005637B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005510BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeCode function: 0_2_005651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_005651CD
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeCode function: 0_2_0055D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0055D4DC
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeCode function: 0_2_0056648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0056648E
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeCode function: 0_2_004F42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_004F42A2
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:828:120:WilError_03, \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03, \Sessions\1\BaseNamedObjects\Local\SM0:6508:120:WilError_03, \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_03, \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03 (one per conhost.exe instance)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: mdPov8VTwi.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process (the same query is issued by each of the five taskkill.exe instances)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000E.00000003.2229654807.0000017B97233000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: mdPov8VTwi.exe | ReversingLabs: Detection: 36%
Source: unknown | Process created: C:\Users\user\Desktop\mdPov8VTwi.exe "C:\Users\user\Desktop\mdPov8VTwi.exe"
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2112 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67fa72eb-d6a8-4f63-9d27-8513cda68da4} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17bfd66e510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -parentBuildID 20230927232528 -prefsHandle 2756 -prefMapHandle 2944 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {026b4b50-dad8-481f-9093-ead650aec1a6} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17b8d7d5310 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3528 -prefMapHandle 3392 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b0900ff-a6a0-42cf-ac74-8f9e3697825c} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17bfd66df10 utility
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created (behavior trace): the same five taskkill.exe commands (taskkill /F /IM firefox.exe /T, chrome.exe, msedge.exe, opera.exe, brave.exe) and the firefox.exe --kiosk launch listed above
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created (behavior trace): the --kiosk relaunch and the socket, rdd and utility -contentproc children listed above, plus 7 further child processes whose image and command line were not recorded (unknown unknown)
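Detection logic for the process chain recorded above (five taskkill /F commands against browsers, then a firefox.exe --kiosk launch on a URL that carries the Google sign-in path), as an added example that is not part of the Joe Sandbox report: it runs over constructed Sysmon event-ID-1 style process-creation records that mirror the report's command lines. The PIDs, timestamps, the 60-second correlation window and the sign-in indicator list are assumptions.

```python
"""Credential-flusher chain detector: one parent force-kills browsers with
taskkill, then relaunches a browser in --kiosk mode on a sign-in URL.

Input: Sysmon event-ID-1 style process-creation records (dicts with UtcTime,
ProcessId, ParentProcessId, Image, ParentImage, CommandLine). The sample
records below are constructed to mirror the command lines in the report;
PIDs and timestamps are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}
KILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b.*?/IM\s+(\S+\.exe)", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Assumed indicator list: fragments that mark a credential prompt anywhere in
# the URL, query string included (the report's URL carries the Google sign-in
# path as a query parameter of a youtube.com URL).
SIGNIN_RE = re.compile(r"signin|sign-in|login|accounts\.google\.com|challenge/pwd", re.IGNORECASE)
WINDOW = timedelta(seconds=60)   # assumed: kills and relaunch within one minute


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def _image_name(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_credential_flusher(events, min_kills=2):
    """One finding per parent that kills >= min_kills browsers and then starts a
    browser in --kiosk mode on a sign-in URL within WINDOW of the kills."""
    by_parent = defaultdict(list)
    for ev in events:
        by_parent[ev["ParentProcessId"]].append(ev)

    findings = []
    for ppid, evs in by_parent.items():
        evs.sort(key=lambda e: _ts(e["UtcTime"]))
        killed = {}                                   # browser image -> time of taskkill
        for ev in evs:
            cmd = ev["CommandLine"]
            m = KILL_RE.search(cmd)
            if m and m.group(1).lower() in BROWSERS:
                killed[m.group(1).lower()] = _ts(ev["UtcTime"])
                continue
            if _image_name(ev["Image"]) in BROWSERS and "--kiosk" in cmd.lower():
                urls = [u.strip('"') for u in URL_RE.findall(cmd)]
                signin_urls = [u for u in urls if SIGNIN_RE.search(u)]
                t = _ts(ev["UtcTime"])
                recent = sorted(b for b, kt in killed.items() if timedelta(0) <= t - kt <= WINDOW)
                if signin_urls and len(recent) >= min_kills:
                    findings.append({
                        "parent_pid": ppid,
                        "parent_image": ev["ParentImage"],
                        "killed_browsers": recent,
                        "kiosk_image": _image_name(ev["Image"]),
                        "url": signin_urls[0],
                    })
    return findings


def _ev(t, pid, ppid, image, parent, cmd):
    return {"UtcTime": t, "ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "ParentImage": parent, "CommandLine": cmd}


MAL = r"C:\Users\user\Desktop\mdPov8VTwi.exe"
TK = r"C:\Windows\SysWOW64\taskkill.exe"
FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"

SAMPLE_EVENTS = [                                     # constructed log records
    _ev("2024-12-15 10:00:01", 4101, 1234, TK, MAL, "taskkill /F /IM firefox.exe /T"),
    _ev("2024-12-15 10:00:01", 4102, 1234, TK, MAL, "taskkill /F /IM chrome.exe /T"),
    _ev("2024-12-15 10:00:02", 4103, 1234, TK, MAL, "taskkill /F /IM msedge.exe /T"),
    _ev("2024-12-15 10:00:02", 4104, 1234, TK, MAL, "taskkill /F /IM opera.exe /T"),
    _ev("2024-12-15 10:00:03", 4105, 1234, TK, MAL, "taskkill /F /IM brave.exe /T"),
    _ev("2024-12-15 10:00:04", 4106, 1234, FF, MAL,
        f'"{FF}" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" '
        "--no-default-browser-check --disable-popup-blocking"),
    # benign noise: an admin script killing one browser, and a signage kiosk
    _ev("2024-12-15 10:05:00", 5001, 2222, TK, r"C:\Windows\System32\cmd.exe",
        "taskkill /F /IM chrome.exe /T"),
    _ev("2024-12-15 10:06:00", 5002, 3333, FF, r"C:\Windows\explorer.exe",
        f'"{FF}" --kiosk "https://intranet.example/dashboard"'),
]

if __name__ == "__main__":
    for f in find_credential_flusher(SAMPLE_EVENTS):
        print(f)
```

The two benign records show why both halves of the rule are required: a lone taskkill from an admin script and a kiosk launch of an intranet page each fire nothing on their own, while the report's parent trips the rule because it kills several browsers and then immediately relaunches one on a sign-in URL. Correlating by parent PID is what ties the kills to the relaunch; matching on the browser image name alone would miss the chain.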
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Section loaded: napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll (this Winsock name-resolution provider set is loaded 12 times in succession; rasadhlp.dll is loaded after the first round and sspicli.dll and profapi.dll between the fourth and fifth)
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded (each of the five taskkill.exe instances, in this order): version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, sspicli.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: mdPov8VTwi.exe | Static PE information: data directory types present: IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_BASERELOC, IMAGE_DIRECTORY_ENTRY_DEBUG, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, IMAGE_DIRECTORY_ENTRY_IAT, IMAGE_DIRECTORY_ENTRY_DEBUG (the DEBUG entry is listed twice in the report)
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2246146193.0000017B91901000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: 8kernel32.pdb source: firefox.exe, 0000000E.00000003.2228384629.0000017B975AF000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2248791065.0000017B8D3BB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2249416354.0000017B8D3B5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2248791065.0000017B8D3BB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2247304136.0000017B8D3B5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2246146193.0000017B91901000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2249416354.0000017B8D3B5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2247304136.0000017B8D3B5000.00000004.00000020.00020000.00000000.sdmp
    Source: mdPov8VTwi.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: mdPov8VTwi.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: mdPov8VTwi.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: mdPov8VTwi.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: mdPov8VTwi.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo | 0_2_004F42DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00510A76 push ecx; ret | 0_2_00510A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0050F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput | 0_2_0050F98E
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00581C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed | 0_2_00581C41
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep | graph_0-94978
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_00000250965228F7 rdtsc | 17_2_00000250965228F7
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | API coverage: 3.9 %
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe TID: 5560 | Thread sleep count: 112 > 30
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe TID: 5560 | Thread sleep count: 139 > 30
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose | 0_2_0055DBBE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0052C2A2 FindFirstFileExW | 0_2_0052C2A2
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005668EE FindFirstFileW,FindClose | 0_2_005668EE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime | 0_2_0056698F
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_0055D076
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_0055D3A9
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00569642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00569642
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_0056979D
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00569B2B FindFirstFileW,Sleep,FindNextFileW,FindClose | 0_2_00569B2B
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00565C97 FindFirstFileW,FindNextFileW,FindClose | 0_2_00565C97
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo | 0_2_004F42DE
    Source: firefox.exe, 00000011.00000002.3932245172.0000025096540000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllaN
    Source: mdPov8VTwi.exe, 00000000.00000003.2156084048.0000000001842000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2156029056.000000000187F000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000002.2164092765.0000000001854000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2155984175.0000000001841000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2155817782.0000000001833000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2155865600.000000000183B000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2160331297.000000000184D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3933052178.0000018872A00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3927991281.0000025095CFA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3932245172.0000025096540000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000E.00000003.2321612524.0000017BFF7C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3932273302.000001887291F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3933052178.0000018872A00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWH
    Source: firefox.exe, 00000010.00000002.3928025109.00000188723EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`
    Source: firefox.exe, 00000010.00000002.3933052178.0000018872A00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`
    Source: firefox.exe, 00000012.00000002.3927911324.000001F57C40A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@
    Source: firefox.exe, 00000010.00000002.3933052178.0000018872A00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3932245172.0000025096540000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_00000250965228F7 rdtsc | 17_2_00000250965228F7
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0056EAA2 BlockInput | 0_2_0056EAA2
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00522622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_00522622
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo | 0_2_004F42DE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00514CE8 mov eax, dword ptr fs:[00000030h] | 0_2_00514CE8
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00550B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree | 0_2_00550B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00522622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_00522622
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0051083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_0051083F
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005109D5 SetUnhandledExceptionFilter | 0_2_005109D5
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00510C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 0_2_00510C21
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00551201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock | 0_2_00551201
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00532BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW | 0_2_00532BA5
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0055B226 SendInput,keybd_event | 0_2_0055B226
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_005722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event | 0_2_005722DA
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00550B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree | 0_2_00550B62
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00551663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid | 0_2_00551663
    Source: mdPov8VTwi.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: mdPov8VTwi.exe | Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2222286716.0000017B91901000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00510698 cpuid | 0_2_00510698
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0054D21C GetLocalTime | 0_2_0054D21C
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0054D27A GetUserNameW | 0_2_0054D27A
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0052B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free | 0_2_0052B952
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_004F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo | 0_2_004F42DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: mdPov8VTwi.exe PID: 1276, type: MEMORYSTR
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_81
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_XP
    Source: mdPov8VTwi.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_XPe
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_VISTA
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_7
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: mdPov8VTwi.exe PID: 1276, type: MEMORYSTR
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00571204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket | 0_2_00571204
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00571806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket | 0_2_00571806
    MITRE ATT&CK techniques matched by this report (number of matching signatures in parentheses; matrix cells without a match are omitted):
    Initial Access: Valid Accounts (2)
    Execution: Windows Management Instrumentation (1), Native API (1)
    Persistence: DLL Side-Loading (1), Valid Accounts (2)
    Privilege Escalation: Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Extra Window Memory Injection (1), Valid Accounts (2), Access Token Manipulation (21), Process Injection (2)
    Defense Evasion: Disable or Modify Tools (2), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Extra Window Memory Injection (1), Masquerading (1), Valid Accounts (2), Virtualization/Sandbox Evasion (11), Access Token Manipulation (21), Process Injection (2)
    Credential Access: Input Capture (21)
    Discovery: System Time Discovery (2), Account Discovery (1), File and Directory Discovery (2), System Information Discovery (16), Security Software Discovery (131), Virtualization/Sandbox Evasion (11), Process Discovery (3), Application Window Discovery (1), System Owner/User Discovery (1)
    Collection: Archive Collected Data (1), Input Capture (21), Clipboard Data (3)
    Command and Control: Ingress Tool Transfer (2), Encrypted Channel (12), Non-Application Layer Protocol (2), Application Layer Protocol (3)
    Impact: System Shutdown/Reboot (1)
    Behavior Graph ID: 1575753 | Sample: mdPov8VTwi.exe | Startdate: 16/12/2024 | Architecture: WINDOWS | Score: 80
    Sample-wide network: youtube.com, youtube-ui.l.google.com, 34 other IPs or domains
    Sample-wide signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures
    mdPov8VTwi.exe started: signatures "Binary is likely a compiled AutoIt script file" and "Found API chain indicative of sandbox detection"; started taskkill.exe (3 instances, each with a conhost.exe child) and 3 other processes (with conhost.exe children)
    firefox.exe started: child firefox.exe contacted youtube.com 142.250.181.110, 443, 49712, 49713 (GOOGLEUS, United States), prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49711, 49723, 49724 (GOOGLEUS, United States) and 10 other IPs or domains; dropped C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+) and C:\Users\user\...\gmpopenh264.dll (copy) (PE32+); started 3 further firefox.exe processes

    Source | Detection | Scanner | Label
    mdPov8VTwi.exe | 37% | ReversingLabs | Win32.Trojan.Amadey
    mdPov8VTwi.exe | 100% | Avira | TR/ATRAPS.Gen
    mdPov8VTwi.exe | 100% | Joe Sandbox ML |
    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
                                                                                https://youtube.com/account?=https://accounts.google.co$)firefox.exe, 00000012.00000002.3928651402.000001F57C580000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.firefox.exe, 0000000E.00000003.2316869738.0000017BFF6B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284564282.0000017BFF6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3929781108.00000188727C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3932465389.000001F57CA03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                    high
                                                                                    https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000010.00000002.3929781108.0000018872773000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095F86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://json-schema.org/draft/2019-09/schema.firefox.exe, 0000000E.00000003.2335450646.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.leboncoin.fr/firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://spocs.getpocket.com/spocsfirefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://screenshots.firefox.comfirefox.exe, 0000000E.00000003.2327962182.0000017BFFFB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://shavar.services.mozilla.comfirefox.exe, 0000000E.00000003.2176232315.0000017B96FF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96FBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://completion.amazon.com/search/complete?q=firefox.exe, 0000000E.00000003.2130741547.0000017B8D700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131866236.0000017B8D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132021130.0000017B8D151000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132300719.0000017B8D184000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000E.00000003.2288022746.0000017B974EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320084736.0000017B8E5C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2228831317.0000017B974EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 0000000E.00000003.2320456981.0000017B8E531000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://monitor.firefox.com/breach-details/firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 0000000E.00000003.2176644533.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290293361.0000017B955E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231740213.0000017B955E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000E.00000003.2307346430.0000017B95BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304641141.0000017B97258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.msn.comfirefox.exe, 0000000E.00000003.2174770171.0000017B90C9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2310366275.0000017B90C9A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.2130741547.0000017B8D700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2131866236.0000017B8D137000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132021130.0000017B8D151000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132169464.0000017B8D16C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000E.00000003.2335450646.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305284560.0000017B96F9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.instagram.com/firefox.exe, 0000000E.00000003.2163836206.0000017B973DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2172836739.0000017B973DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.amazon.com/firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.2334840167.0000017B96FDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176232315.0000017B96FDC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://exslt.org/dates-and-timesfirefox.exe, 0000000E.00000003.2329549695.0000017BFF65F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 0000000E.00000003.2131012408.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2129551703.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2133350242.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301883817.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295712346.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2132795728.0000017B8D6DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.youtube.com/firefox.exe, 00000012.00000002.3929689004.000001F57C80C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.2178146484.0000017B8EC99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178308097.0000017B8ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179651192.0000017B98B4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2178723625.0000017B98B39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2305803225.0000017B96F87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2230051606.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290109694.0000017B95BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307346430.0000017B95BD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2327595575.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333802992.0000017B972E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304471136.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289165207.0000017B972C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2229178109.0000017B972C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000E.00000003.2307565885.0000017B9589F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308592967.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232017408.0000017B95578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3928362772.0000025095FC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3929689004.000001F57C8C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://127.0.0.1:firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2178193172.0000017B8EC8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2179087506.0000017B8EC9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2300553473.0000017B971B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169525066.0000017B971B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://bugzilla.mofirefox.exe, 0000000E.00000003.2333371295.0000017B97517000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3931986347.0000018872800000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3931568508.00000250964A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3929206622.000001F57C590000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://detectportal.firefox.comPfirefox.exe, 0000000E.00000003.2308833311.0000017B9548E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2291030601.0000017B9548E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                                high
IP              | Domain                                                     | Country       | ASN    | ASN Name                                | Malicious
34.149.100.209  | prod.remote-settings.prod.webservices.mozgcp.net           | United States | 2686   | ATGS-MMD-ASUS                           | false
34.107.243.93   | push.services.mozilla.com                                  | United States | 15169  | GOOGLEUS                                | false
151.101.65.91   | services.addons.mozilla.org                                | United States | 54113  | FASTLYUS                                | false
34.107.221.82   | prod.detectportal.prod.cloudops.mozgcp.net                 | United States | 15169  | GOOGLEUS                                | false
142.250.181.110 | youtube.com                                                | United States | 15169  | GOOGLEUS                                | false
35.244.181.201  | prod.balrog.prod.cloudops.mozgcp.net                       | United States | 15169  | GOOGLEUS                                | false
34.117.188.166  | contile.services.mozilla.com                               | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG   | false
35.201.103.21   | normandy-cdn.services.mozilla.com                          | United States | 15169  | GOOGLEUS                                | false
35.190.72.216   | prod.classify-client.prod.webservices.mozgcp.net           | United States | 15169  | GOOGLEUS                                | false
34.160.144.191  | prod.content-signature-chains.prod.webservices.mozgcp.net  | United States | 2686   | ATGS-MMD-ASUS                           | false
34.120.208.123  | telemetry-incoming.r53-2.services.mozilla.com              | United States | 15169  | GOOGLEUS                                | false

IP
127.0.0.1
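Every host in the table above resolves to Mozilla or Google infrastructure and is reached because the sample launches firefox.exe, so none of these rows is attacker infrastructure on its own; the similar-sample matches further down (34.117.188.166 and 34.149.100.209) are likewise overlaps on these shared vendor IPs. The following triage script is an added example, not part of the Joe Sandbox report: it takes the rows from the table, drops non-routable addresses, suppresses hosts under a vendor-suffix list (an analyst assumption, not a field of the report), and leaves the rest for manual review. The rows are copied from the table; the suffix list and the 1.2.3.4 address used to exercise the review path are constructed.

```python
"""Added example (not part of the Joe Sandbox report): triage the contacted-IP
table by separating browser-vendor infrastructure from hosts that need
follow-up. The sample spawns firefox.exe, so most of the recorded network
activity is the browser's own services, update and telemetry traffic."""
import ipaddress

# Rows copied from the report's IP / Domain table; the tuple layout is ours.
CONTACTED = [
    ("34.149.100.209", "prod.remote-settings.prod.webservices.mozgcp.net"),
    ("34.107.243.93", "push.services.mozilla.com"),
    ("151.101.65.91", "services.addons.mozilla.org"),
    ("34.107.221.82", "prod.detectportal.prod.cloudops.mozgcp.net"),
    ("142.250.181.110", "youtube.com"),
    ("35.244.181.201", "prod.balrog.prod.cloudops.mozgcp.net"),
    ("34.117.188.166", "contile.services.mozilla.com"),
    ("35.201.103.21", "normandy-cdn.services.mozilla.com"),
    ("35.190.72.216", "prod.classify-client.prod.webservices.mozgcp.net"),
    ("34.160.144.191", "prod.content-signature-chains.prod.webservices.mozgcp.net"),
    ("34.120.208.123", "telemetry-incoming.r53-2.services.mozilla.com"),
    ("127.0.0.1", ""),  # listed in the report's separate private-IP table
]

# Analyst assumption, not a field of the report: domains under these suffixes
# belong to the launched browser's vendor or to Google-operated sites it
# reaches, and are suppressed as benign noise.
BENIGN_SUFFIXES = ("mozilla.com", "mozilla.org", "mozgcp.net", "youtube.com")


def is_benign_domain(domain, suffixes=BENIGN_SUFFIXES):
    """True when domain equals a benign suffix or is a subdomain of one.
    Requiring the dot boundary keeps 'evilmozilla.com' from matching."""
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in suffixes)


def classify(rows, suffixes=BENIGN_SUFFIXES):
    """Split (ip, domain) rows into (benign, review) lists.
    Non-routable addresses (loopback, RFC 1918, TEST-NET ranges) are dropped
    because they are never network IOCs; every routable host without a benign
    domain goes to 'review' for manual follow-up."""
    benign, review = [], []
    for ip, domain in rows:
        if not ipaddress.ip_address(ip).is_global:
            continue
        bucket = benign if is_benign_domain(domain, suffixes) else review
        bucket.append((ip, domain))
    return benign, review


def defang(indicator):
    """Defang an IP or hostname for safe sharing in a ticket or report."""
    return indicator.replace(".", "[.]")


if __name__ == "__main__":
    benign_hosts, review_hosts = classify(CONTACTED)
    print(f"{len(benign_hosts)} vendor-infrastructure hosts suppressed")
    print("hosts needing review:",
          [f"{defang(ip)} {defang(d)}" for ip, d in review_hosts])
```

Run against the report's rows the review list is empty: the network section of this report documents Firefox's own traffic, and the sample's own indicators have to come from the process and file sections instead.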
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575753
Start date and time: 2024-12-16 10:00:50 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: mdPov8VTwi.exe (renamed because the original name is a hash value)
Original Sample Name: 1993ad089d3aac67b807530545d56ec3.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/37@71/12
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 50
• Number of non-executed functions: 288
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps longer than 100000000 ms are automatically reduced to 1000 ms
• Sleep loops longer than 100000000 ms are bypassed. Single calls with a delay of 100000000 ms or more are ignored
• Excluded processes from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 35.85.93.176, 44.228.225.150, 54.213.181.160, 142.250.181.138, 172.217.17.46, 88.221.134.155, 88.221.134.209, 23.218.208.109, 13.107.246.63, 20.109.210.53
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Execution Graph export aborted for target firefox.exe, PID 1776, because it has no executed functions
• Not all processes were analysed; the report is missing behavior information
• Report size exceeded maximum capacity and may be missing behavior information
• Report size exceeded maximum capacity and may be missing disassembly code
• Report size getting too big: too many NtCreateFile calls found
• Report size getting too big: too many NtOpenFile calls found
• Report size getting too big: too many NtOpenKeyEx calls found
• Report size getting too big: too many NtQueryAttributesFile calls found
• Report size getting too big: too many NtQueryValueKey calls found
• Some HTTP raw data packets have been limited to 10 per session. See the PCAPs for the complete data
• VT rate limit hit for: mdPov8VTwi.exe
No simulations

Match          | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
               | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
               | nmy4mJXEaz.exe               | malicious | Credential Flusher
               | 6eftz6UKDm.exe               | malicious | Credential Flusher
               | nmy4mJXEaz.exe               | malicious | Credential Flusher
               | 6eftz6UKDm.exe               | malicious | Credential Flusher
               | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
               | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
               | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
34.149.100.209 | nmy4mJXEaz.exe               | malicious | Credential Flusher
               | 6eftz6UKDm.exe               | malicious | Credential Flusher
               | nmy4mJXEaz.exe               | malicious | Credential Flusher
                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                              151.101.65.916eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                        Pl8Tb06C8A.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | file.exe | malicious | Amadey, LummaC Stealer, Vidar, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
example.org | nmy4mJXEaz.exe | malicious | Credential Flusher | 93.184.215.14
example.org | 6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14
example.org | nmy4mJXEaz.exe | malicious | Credential Flusher | 93.184.215.14
example.org | 6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14
star-mini.c10r.facebook.com | https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | https://fsharetv.co/ | malicious | Unknown | 157.240.195.35
star-mini.c10r.facebook.com | nmy4mJXEaz.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | 6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.195.35
star-mini.c10r.facebook.com | nmy4mJXEaz.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | 6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 157.240.196.35
Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | arm6.elf | malicious | Unknown | 34.117.135.65
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | armv5l.elf | malicious | Unknown | 34.119.157.208
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | nmy4mJXEaz.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | 6eftz6UKDm.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | nmy4mJXEaz.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | 6eftz6UKDm.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
FASTLYUS | https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91 | malicious | HTMLPhisher | 151.101.66.137
FASTLYUS | https://omnirayoprah.cfd/orzbq | malicious | Unknown | 151.101.2.137
FASTLYUS | https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | malicious | Unknown | 151.101.2.137
FASTLYUS | https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-7DW79067WM944534C%2FU-3RN06382B68072443%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=mv2NVEuUR9VvkcyUJ89EG.tzUFO5CbJFQUTSWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-7DW79067WM944534C%2FU-3RN06382B68072443%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Dmv2NVEuUR9VvkcyUJ89EG.tzUFO5CbJFQUTSWg%22%7D%7D&flowContextData=3VhkG6GfeMFpPs0RyY94VfaPuu2gnDuZkT0vO2-Owy5Q0TLELhHoBl0C3rYOuScB-P1puLFiHoe8q1yHNkorMrsQ-kVAt54br43PgY3iTrhwRm0aS_TYpgjIbliH5dfDJJr3q03bJkAa9vLd7Cr3oAjCQ5rfmoQCALWFn-qszHw7Rd_aj20-SECud0ZSxh-oKENUYjnmdRqAckr48r-ddvc-Vgo4zQnu7JkI5YB_1CxdutYkC-X7iD96T-7aDJhAmyxkfGKQ53prsK5Kys2hLiVrkCjSURM1RSmWzlwznlByQzHhv1R0VrGdaW03mCZt_U0pKOeWAwiNac8f&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=16a0a3c3-b960-11ef-862e-f3094488c6dd&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=16a0a3c3-b960-11ef-862e-f3094488c6dd&calc=f53338153f55e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.295.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin | malicious | Unknown | 151.101.193.21
FASTLYUS | http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450 | malicious | Unknown | 151.101.194.137
FASTLYUS | https://fsharetv.co/ | malicious | Unknown | 151.101.65.16
FASTLYUS | IGz.arm.elf | malicious | Mirai |
                                                                                                                                                                                                                                                                                                                                  • 167.83.97.28
                                                                                                                                                                                                                                                                                                                                  nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  ATGS-MMD-ASUS1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 192.56.124.79
                                                                                                                                                                                                                                                                                                                                  arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 56.55.47.44
                                                                                                                                                                                                                                                                                                                                  arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 32.250.10.46
                                                                                                                                                                                                                                                                                                                                  sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 51.237.32.223
                                                                                                                                                                                                                                                                                                                                  ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 48.169.33.91
                                                                                                                                                                                                                                                                                                                                  mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 33.210.242.0
                                                                                                                                                                                                                                                                                                                                  arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 51.230.252.202
                                                                                                                                                                                                                                                                                                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 48.201.186.239
                                                                                                                                                                                                                                                                                                                                  arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 33.22.199.122
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | nmy4mJXEaz.exe | | malicious | Credential Flusher | |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | |
 | nmy4mJXEaz.exe | | malicious | Credential Flusher | |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | |
 | file.exe | | malicious | Credential Flusher | |
 | file.exe | | malicious | Credential Flusher | |
 | file.exe | | malicious | Credential Flusher | |
 | file.exe | | malicious | Credential Flusher | |
 | file.exe | | malicious | Credential Flusher | |
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):7813
Entropy (8bit):5.173604764854829
Encrypted:false
SSDEEP:192:0pKMXIKFcbhbVbTbfbRbObtbyEl7n4r9+JA6wnSrDtTkd/SW:0pPlcNhnzFSJYrLjnSrDhkd/f
MD5:CBDA4C3B8FF7A2B83AB4FE6445EFD0BD
SHA1:70E3FC2E9D688A634CA98678D0D725AD064584BD
SHA-256:CF1AE3871E909FCA41B0579CBF1AE6191207FDE0DC76E0DF9C86D82371A1F04B
SHA-512:51127F5C9D60D2925B902EEBAD10EA227355EB489ADEE5B2EAE5C757166B549F711653A9124721C24B6A128FF8E00231F87245A2D2AEAE326D012099BFF63025
Malicious:false
Preview:{"type":"uninstall","id":"a60d41dd-29c9-4e4e-868c-f9e6bab3b939","creationDate":"2024-12-16T10:57:58.480Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):7813
Entropy (8bit):5.173604764854829
Encrypted:false
SSDEEP:192:0pKMXIKFcbhbVbTbfbRbObtbyEl7n4r9+JA6wnSrDtTkd/SW:0pPlcNhnzFSJYrLjnSrDhkd/f
MD5:CBDA4C3B8FF7A2B83AB4FE6445EFD0BD
SHA1:70E3FC2E9D688A634CA98678D0D725AD064584BD
SHA-256:CF1AE3871E909FCA41B0579CBF1AE6191207FDE0DC76E0DF9C86D82371A1F04B
SHA-512:51127F5C9D60D2925B902EEBAD10EA227355EB489ADEE5B2EAE5C757166B549F711653A9124721C24B6A128FF8E00231F87245A2D2AEAE326D012099BFF63025
Malicious:false
Preview:{"type":"uninstall","id":"a60d41dd-29c9-4e4e-868c-f9e6bab3b939","creationDate":"2024-12-16T10:57:58.480Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
Category:modified
Size (bytes):490
Entropy (8bit):7.246483341090937
Encrypted:false
SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
MD5:BD9751DFFFEFFA2154CC5913489ED58C
SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
Malicious:false
Preview:.......................PNG........IHDR................a....IDAT8O...1P......p....d1.....v)......p.nXM.t.H.(.......B$..}_G.{.......:uN...=......s|.$...`0.....dl6.>>>p.\.v;z.......F.a:.2..D.V.....V..n...g.z.X..C...v.......=.H..d..P*...i.."...X,.B...h...xyy.V....I$..J%r....6....Z-:...P..J..........|>'...P.\&.....l6....N5...Z.x<.....h.z..'@...L&.F..'.Jq<...m6.OOO.....$..r:.......v..V..ze.\.p.R..t.Z.....r...B...3.B..0...T*E".p8.D0..`2.D.j...h..n...wF...........#......O....IEND.B`.

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.300589333324597
Encrypted:false
SSDEEP:24:Bodf1DOQDXAOTIUx2dWoM15lLN8zmYodf1DOQDXAOswM+bpoqdWoM15lLFX1Rgmv:ydiHUgdwqzQdih6BdwWidiBadwE1
MD5:B43389AAF26AF4FE194B6F8CBF4E0404
SHA1:9C1020B46BDD75B40FEBDDE714B032114EF52444
SHA-256:C719162369BD9CDC0BBBE399A2EBD0D51A9C1EA2F9B618BFF38C963F28F6D7FD
SHA-512:5D61BAF891BC83D27F8E55445AC4ABF158F90343CF5A2EA27A855D7AEF09E92A9F439E170458ED73E74A65785E712AC049DC5DFCE10BF1AB05CD55C147B5C0A4
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.923916916287263
Encrypted:false
SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNs9Rxeln:8S+OVPUFRbOdwNIOdYpjvY1Q6L/T8P
MD5:3C493E223AFD418721EF65FDA343DB20
SHA1:CD6F562D736A93CFF31F4291581CF6DC1A351C71
SHA-256:E656310833F4DD4377B3EEF35AF46BBBE52F76FEAED2E18EE54DF05AE9F17A3E
SHA-512:2B749A67E1433D9378A945494FB372E958D1063AE85591B971C384D3B7DB429491C9648805E941B2D586573652EBF1F61C9AB505AE61D26A2A76701AC660768B
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                    MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                    SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                    SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                    SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                    Size (bytes):36830
Entropy (8bit):5.1867463390487
Encrypted:false
SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
MD5:98875950B62B398FFE70C0A8D0998017
SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5.....
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07332945695695665
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
MD5:A67A3535DB083DFD9B0F748923FBA943
SHA1:E07D96F51B50D39FD8914DB8AF0FC02E15CE65B6
SHA-256:325334876ABBDD7377D9EF3BCF9B102004260FD233FF60B5FDF148E20A1A9E8F
SHA-512:73DC8A8B5896704D98534E9112F1537DDEA27E2FE945DDBF857B6EB89D756702517854608D3BFF7431C7F99FE67DC2443E27C96BB24B26743621E5A6282DBA79
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.039751381258926154
Encrypted:false
SSDEEP:6:G7VCf9OiPJmtMoVCf9OiPJmtMUL9XIwlio:cCfsiIBCfsiIHPi
MD5:4DC12BBF1C4BA89B096B46D10AF30F36
SHA1:315A3401B8508561A577DB018681A38BB304B27C
SHA-256:A5EE16A2F9464D59100427EE37C55FB195266F77ACEECB0EFCE4739DA5B88794
SHA-512:CA23F33294321013DD247F0EC6AFBB7897DD78AEE10716DFCB57CC8CB071984D59F894A47653187A5F3A93071CF7D1408EBB0E08F09C471391C9381733710A13
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):163992
Entropy (8bit):0.13376853349175608
Encrypted:false
SSDEEP:24:KlMxl/fkwSLxsZ+t2zxsMlCXsMzqCFZ7pCF6C5WUCuSCCQE/HaaKCc7RCGOxsaDX:MMxxMBQ42VJCXs4qLWeJa1VyktyZk
MD5:CAFD2ABAFCDC6911E6C8AF714D4CE7BD
SHA1:EFFA11A64FDE16A0270843407EBF9169AA617F50
SHA-256:2C8AC2C1200278F9B8B411B5C7D5EC01B8598D2E411933716C4D0B022C3FD5D1
SHA-512:86FB2C984E5C1080015BCA0B2513C6D1C30182A5357069602BBFD5FAB877E7519D2E94C6AE1F2F09B17EEF87A82F3423EE638F600DFEA65624DB9BC537DF9826
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1743), with CRLF line terminators
Category:dropped
Size (bytes):13187
Entropy (8bit):5.476660279181417
Encrypted:false
SSDEEP:192:mGnPOeRnLYbBp6BJ0aX+26SEXK+BMN3u5RHWNBw8dKSl:LDeoJUN/uWHEwJ0
MD5:CB163769A01B89762CC17E209FE0EB5F
SHA1:BAC313F65F38EE097F1DF1C7A82C35C24D46E07E
SHA-256:36198C13EC4E2D45DBA98614EF184843F95E464754E2D3BE2653186C830CBBCC
SHA-512:A4D624912914028F7C33A93CECFB231DFDAE089CB234C52C008265B93F180682A557B0E133C5612734689CD30A97E6BBBA45DFB615306AD1402A958CD726FC0C
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734346648);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734346648);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734346648);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173434

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text, with very long lines (1743), with CRLF line terminators
Category: dropped
Size (bytes): 13187
Entropy (8bit): 5.476660279181417
Encrypted: false
SSDEEP: 192:mGnPOeRnLYbBp6BJ0aX+26SEXK+BMN3u5RHWNBw8dKSl:LDeoJUN/uWHEwJ0
MD5: CB163769A01B89762CC17E209FE0EB5F
SHA1: BAC313F65F38EE097F1DF1C7A82C35C24D46E07E
SHA-256: 36198C13EC4E2D45DBA98614EF184843F95E464754E2D3BE2653186C830CBBCC
SHA-512: A4D624912914028F7C33A93CECFB231DFDAE089CB234C52C008265B93F180682A557B0E133C5612734689CD30A97E6BBBA45DFB615306AD1402A958CD726FC0C
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734346648);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734346648);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734346648);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173434

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.04062825861060003
Encrypted: false
SSDEEP: 3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5: 60C09456D6362C6FBED48C69AA342C3C
SHA1: 58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256: FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512: 936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 90
Entropy (8bit): 4.194538242412464
Encrypted: false
SSDEEP: 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5: C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1: 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256: 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512: 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious: false
Preview: {"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 90
Entropy (8bit): 4.194538242412464
Encrypted: false
SSDEEP: 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5: C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1: 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256: 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512: 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious: false
Preview: {"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
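Each dropped-file entry above reports a size, an 8-bit entropy and a set of hashes. When you pull the same artifact off a host, recomputing those figures is how you confirm it is the file the sandbox saw. The following is an added Python example, not code from the report or from Joe Sandbox: it embeds the 90-byte JSON shown in full in the Preview field above as constructed input, recomputes the listing's fields with the standard library only, and reproduces the reported size and entropy exactly; the printed hashes can be compared against the MD5/SHA values in the entry.

```python
"""Recompute the per-file metrics a sandbox listing reports (size, 8-bit
Shannon entropy, MD5/SHA-1/SHA-256/SHA-512) so a file recovered from a
host can be matched against the report.

Added example; not part of the Joe Sandbox report. SAMPLE_JSON is the
90-byte JSON reproduced from the listing's Preview field; everything else
is standard-library code.
"""
import hashlib
import math
from collections import Counter

# Constructed input: the complete Preview of the 90-byte "JSON data" entry.
SAMPLE_JSON = (b'{"profile-after-change":true,"final-ui-startup":true,'
               b'"sessionstore-windows-restored":true}')


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0).

    8.0 is reached only when all 256 byte values are equally frequent.
    Compressed or encrypted blobs sit near 7.9+, plain text around 4-5,
    and a mostly-zero SQLite page (like the 65536-byte entry above) near 0.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_metrics(data: bytes) -> dict:
    """Return the same fields the listing reports, keyed the same way."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def matches_report(data: bytes, reported: dict, tol: float = 1e-9) -> bool:
    """True when every field given in `reported` is reproduced from `data`.

    Entropy is compared with a tolerance because the sandbox prints a float;
    size and hashes must match exactly (hash case is normalised).
    """
    got = file_metrics(data)
    for key, want in reported.items():
        have = got[key]
        if key == "Entropy (8bit)":
            if abs(have - want) > tol:
                return False
        elif isinstance(want, str):
            if have != want.upper():
                return False
        elif have != want:
            return False
    return True


if __name__ == "__main__":
    # Size and entropy copied from the listing's 90-byte JSON entry.
    reported = {"Size (bytes)": 90, "Entropy (8bit)": 4.194538242412464}
    for key, value in file_metrics(SAMPLE_JSON).items():
        print(f"{key}: {value}")
    print("size/entropy match report:", matches_report(SAMPLE_JSON, reported))
```

To check a real artifact, read it with `open(path, "rb").read()` and pass the bytes to `matches_report` together with the fields copied from the entry. A one-byte difference (for example a trailing newline added by a transfer tool) changes the size, every hash and the entropy, so a mismatch means you do not have the sandbox's file, not that the report is wrong.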

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 5861 bytes
Category: dropped
Size (bytes): 1566
Entropy (8bit): 6.339515495394398
Encrypted: false
SSDEEP: 24:v+USUGlcAxSKO2LXnIrp/pnxQwRcWT5sKmgb0R3eHVpjO+lamhujJwO2c0TSO6m8:GUpOxnJ2nRcoegq3erjxl4JwcnO6BtT
MD5: 01EE58535EFBDC098BE13AD4C8F02AFE
SHA1: 5269E5E1DBA664C0F16EFF7DB910870432B2AE38
SHA-256: D3623B0DBF44D0C7BDA3A8637F640ADB9AB65C05FB7DCCAA4AFDB478F68BFC50
SHA-512: 92BEA91F44CE2B0ECB27F528FFD93F6AA837783D5BB75281AF9298B2B1F6D5A93FE47CF47BA7303BEB537623D96D6BD99140743BE9E019549A9DA5CD81D4E61D
Malicious: false
Preview: mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{74ccab39-7a8e-42ca-9640-4f8a41cdc173}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734346652995,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..P17716...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...20890,"originA...."f

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 5861 bytes
Category: dropped
Size (bytes): 1566
Entropy (8bit): 6.339515495394398
Encrypted: false
SSDEEP: 24:v+USUGlcAxSKO2LXnIrp/pnxQwRcWT5sKmgb0R3eHVpjO+lamhujJwO2c0TSO6m8:GUpOxnJ2nRcoegq3erjxl4JwcnO6BtT
MD5: 01EE58535EFBDC098BE13AD4C8F02AFE
SHA1: 5269E5E1DBA664C0F16EFF7DB910870432B2AE38
SHA-256: D3623B0DBF44D0C7BDA3A8637F640ADB9AB65C05FB7DCCAA4AFDB478F68BFC50
SHA-512: 92BEA91F44CE2B0ECB27F528FFD93F6AA837783D5BB75281AF9298B2B1F6D5A93FE47CF47BA7303BEB537623D96D6BD99140743BE9E019549A9DA5CD81D4E61D
Malicious: false
                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{74ccab39-7a8e-42ca-9640-4f8a41cdc173}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1734346652995,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..P17716...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...20890,"originA...."f
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.029932222205473
Encrypted:false
SSDEEP:96:ycJMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:8TEr5NX0z3DhRe
MD5:4D51C0862338A925C0B9F8DB2B717758
SHA1:36C677AD8B8D58F88C2D690C01BA6C6AA84D64FC
SHA-256:158C95CD7FE11583A9F742CBAC87C4A80C01F0C8F3FBACB6F41BA4E40587DA38
SHA-512:1A9EDCEE2EB021586C0646DD65293B5131ADB1B647D86150AC456C3B97A8870942C57BC2A8B2B863F367660E12626881157196A7E8CB48625F172CE903B06E42
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T10:57:13.412Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.690216348347299
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:mdPov8VTwi.exe
File size:964'608 bytes
MD5:1993ad089d3aac67b807530545d56ec3
SHA1:d0915d407850675757b009f5f3e638278421840c
SHA256:a28740f6aff30052e217cb6960de51b5697248ed6902340ad275c0d4e832c763
SHA512:c75c3c597a7de50e05181e5f0e951e041e565b22781e9deda49a2e71efe0a87d0e250c06ee8db65b5f5a36a1c747053881728a0961a7bdf7d6509935f84d61bf
SSDEEP:24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8arP0:zTvC/MTQYxsWR7ar
TLSH:89259E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                    Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                    Time Stamp:0x675FC5C7 [Mon Dec 16 06:16:39 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                    Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007F3AECE17643h
jmp 00007F3AECE16F4Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F3AECE1712Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F3AECE170FAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F3AECE19CEDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F3AECE19D38h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F3AECE19D21h
test byte ptr [ebp+08h], 00000001h
pop ecx
                                                                                                                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x14c64 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x14c64 | 0x14e00 | f9d330295aae50f96eaff8ea65343f3d | False | 0.6800383607784432 | data | 7.093705553194967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe9000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xbde8 | data | | | 1.000431956557512
RT_GROUP_ICON | 0xe86e4 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe875c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xe8770 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xe8784 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xe8798 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xe8874 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                                                                                                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                                                                                                                                    WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                    VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                    WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                    COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                    MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                    WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                    PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                    IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                    USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                    UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                    KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, 
SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 16, 2024 10:01:52.238162041 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:52.238212109 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 16, 2024 10:01:52.247931004 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:52.296225071 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:52.296250105 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 16, 2024 10:01:52.933291912 CET | 49711 | 80 | 192.168.2.5 | 34.107.221.82
Dec 16, 2024 10:01:52.940639973 CET | 49712 | 443 | 192.168.2.5 | 142.250.181.110
Dec 16, 2024 10:01:52.940687895 CET | 443 | 49712 | 142.250.181.110 | 192.168.2.5
Dec 16, 2024 10:01:52.940798998 CET | 49713 | 443 | 192.168.2.5 | 142.250.181.110
Dec 16, 2024 10:01:52.940846920 CET | 443 | 49713 | 142.250.181.110 | 192.168.2.5
Dec 16, 2024 10:01:52.944180012 CET | 49712 | 443 | 192.168.2.5 | 142.250.181.110
Dec 16, 2024 10:01:52.944196939 CET | 49713 | 443 | 192.168.2.5 | 142.250.181.110
Dec 16, 2024 10:01:52.946604967 CET | 49712 | 443 | 192.168.2.5 | 142.250.181.110
Dec 16, 2024 10:01:52.946629047 CET | 443 | 49712 | 142.250.181.110 | 192.168.2.5
Dec 16, 2024 10:01:52.948056936 CET | 49713 | 443 | 192.168.2.5 | 142.250.181.110
Dec 16, 2024 10:01:52.948088884 CET | 443 | 49713 | 142.250.181.110 | 192.168.2.5
Dec 16, 2024 10:01:53.053232908 CET | 80 | 49711 | 34.107.221.82 | 192.168.2.5
Dec 16, 2024 10:01:53.054846048 CET | 49711 | 80 | 192.168.2.5 | 34.107.221.82
Dec 16, 2024 10:01:53.055217981 CET | 49711 | 80 | 192.168.2.5 | 34.107.221.82
Dec 16, 2024 10:01:53.175012112 CET | 80 | 49711 | 34.107.221.82 | 192.168.2.5
Dec 16, 2024 10:01:53.196763992 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:53.196814060 CET | 443 | 49714 | 35.244.181.201 | 192.168.2.5
Dec 16, 2024 10:01:53.197396040 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:53.197535038 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:53.197554111 CET | 443 | 49714 | 35.244.181.201 | 192.168.2.5
Dec 16, 2024 10:01:53.208519936 CET | 49715 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:53.208594084 CET | 443 | 49715 | 34.117.188.166 | 192.168.2.5
Dec 16, 2024 10:01:53.208760977 CET | 49715 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:53.210216045 CET | 49715 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:53.210237980 CET | 443 | 49715 | 34.117.188.166 | 192.168.2.5
Dec 16, 2024 10:01:53.227011919 CET | 49716 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:53.227041006 CET | 443 | 49716 | 34.117.188.166 | 192.168.2.5
Dec 16, 2024 10:01:53.228003025 CET | 49716 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:53.229726076 CET | 49716 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:53.229737043 CET | 443 | 49716 | 34.117.188.166 | 192.168.2.5
Dec 16, 2024 10:01:53.294898033 CET | 49717 | 443 | 192.168.2.5 | 34.160.144.191
Dec 16, 2024 10:01:53.294964075 CET | 443 | 49717 | 34.160.144.191 | 192.168.2.5
Dec 16, 2024 10:01:53.295094013 CET | 49717 | 443 | 192.168.2.5 | 34.160.144.191
Dec 16, 2024 10:01:53.295231104 CET | 49717 | 443 | 192.168.2.5 | 34.160.144.191
Dec 16, 2024 10:01:53.295243025 CET | 443 | 49717 | 34.160.144.191 | 192.168.2.5
Dec 16, 2024 10:01:53.533132076 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 16, 2024 10:01:53.533152103 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 16, 2024 10:01:53.533217907 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:53.565362930 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:53.565397024 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 16, 2024 10:01:53.565630913 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:53.565778017 CET | 443 | 49710 | 35.190.72.216 | 192.168.2.5
Dec 16, 2024 10:01:53.573883057 CET | 49710 | 443 | 192.168.2.5 | 35.190.72.216
Dec 16, 2024 10:01:54.160296917 CET | 80 | 49711 | 34.107.221.82 | 192.168.2.5
Dec 16, 2024 10:01:54.357458115 CET | 49711 | 80 | 192.168.2.5 | 34.107.221.82
Dec 16, 2024 10:01:54.414000034 CET | 443 | 49714 | 35.244.181.201 | 192.168.2.5
Dec 16, 2024 10:01:54.414160967 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:54.417192936 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:54.417202950 CET | 443 | 49714 | 35.244.181.201 | 192.168.2.5
Dec 16, 2024 10:01:54.417505026 CET | 443 | 49714 | 35.244.181.201 | 192.168.2.5
Dec 16, 2024 10:01:54.419718027 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:54.419816017 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:54.419964075 CET | 443 | 49714 | 35.244.181.201 | 192.168.2.5
Dec 16, 2024 10:01:54.420144081 CET | 49714 | 443 | 192.168.2.5 | 35.244.181.201
Dec 16, 2024 10:01:54.432050943 CET | 443 | 49715 | 34.117.188.166 | 192.168.2.5
Dec 16, 2024 10:01:54.432712078 CET | 49715 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:54.437349081 CET | 49715 | 443 | 192.168.2.5 | 34.117.188.166
Dec 16, 2024 10:01:54.437361002 CET | 443 | 49715 | 34.117.188.166 | 192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.437438965 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.437575102 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.437707901 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.451095104 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.455338001 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.458422899 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.463438988 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.463473082 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.463535070 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.463769913 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.464497089 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.521671057 CET4434971734.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.521897078 CET49717443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.524820089 CET49717443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.524833918 CET4434971734.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.525096893 CET4434971734.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.527251959 CET49717443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.527326107 CET49717443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.527501106 CET4434971734.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.527554989 CET49717443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.653255939 CET44349712142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.653491974 CET49712443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.654043913 CET44349712142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.654189110 CET49712443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.658531904 CET49720443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.658570051 CET4434972034.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.659220934 CET49720443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.660810947 CET44349713142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.660904884 CET49720443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.660917044 CET4434972034.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.661068916 CET49712443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.661068916 CET49712443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.661084890 CET44349712142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.661277056 CET44349712142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.661345005 CET49713443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.661552906 CET44349713142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.662245989 CET49712443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.662259102 CET49713443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.666373968 CET49713443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.666405916 CET44349713142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.666486025 CET49713443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.666623116 CET44349713142.250.181.110192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.666734934 CET49713443192.168.2.5142.250.181.110
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.696247101 CET49721443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.696276903 CET4434972134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.696556091 CET49721443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.697962999 CET49721443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.697974920 CET4434972134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.739645004 CET4971180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.859740019 CET804971134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.859813929 CET4971180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.252279043 CET49722443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.252340078 CET4434972234.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.254040003 CET49722443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.255644083 CET49722443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.255662918 CET4434972234.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.390222073 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.390450001 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.510102987 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.510130882 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.510195017 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.510252953 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.510385036 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.510524988 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.630542994 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.630680084 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.882173061 CET4434972034.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.882266998 CET49720443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.887664080 CET49720443192.168.2.534.107.243.93
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 16, 2024 10:01:55.887687922 CET  443          49720      34.107.243.93    192.168.2.5
Dec 16, 2024 10:01:55.887754917 CET  49720        443        192.168.2.5      34.107.243.93
Dec 16, 2024 10:01:55.887924910 CET  443          49720      34.107.243.93    192.168.2.5
Dec 16, 2024 10:01:55.887979984 CET  49720        443        192.168.2.5      34.107.243.93
Dec 16, 2024 10:01:55.917973995 CET  443          49721      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:55.922636032 CET  49721        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:55.927856922 CET  49721        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:55.927871943 CET  443          49721      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:55.927947044 CET  49721        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:55.928036928 CET  443          49721      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:55.928247929 CET  49721        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:56.036324024 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:56.036364079 CET  443          49725      35.244.181.201   192.168.2.5
Dec 16, 2024 10:01:56.036578894 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:56.036732912 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:56.036742926 CET  443          49725      35.244.181.201   192.168.2.5
Dec 16, 2024 10:01:56.399801970 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:56.399854898 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:56.400753975 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:56.402193069 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:56.402201891 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:56.473368883 CET  443          49722      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:56.480073929 CET  49722        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.484894037 CET  49722        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.484913111 CET  443          49722      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:56.485018015 CET  49722        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.485064983 CET  443          49722      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:56.485450983 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.485559940 CET  443          49728      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:56.495646954 CET  49722        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.495717049 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.497411013 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:56.497451067 CET  443          49728      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:56.594531059 CET  80           49723      34.107.221.82    192.168.2.5
Dec 16, 2024 10:01:56.595431089 CET  80           49724      34.107.221.82    192.168.2.5
Dec 16, 2024 10:01:56.642847061 CET  49723        80         192.168.2.5      34.107.221.82
Dec 16, 2024 10:01:56.643841982 CET  49724        80         192.168.2.5      34.107.221.82
Dec 16, 2024 10:01:57.032511950 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:57.032574892 CET  443          49729      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:57.034132957 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:57.035618067 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:57.035631895 CET  443          49729      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:57.254422903 CET  443          49725      35.244.181.201   192.168.2.5
Dec 16, 2024 10:01:57.256916046 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:57.259895086 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:57.259913921 CET  443          49725      35.244.181.201   192.168.2.5
Dec 16, 2024 10:01:57.260164976 CET  443          49725      35.244.181.201   192.168.2.5
Dec 16, 2024 10:01:57.262394905 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:57.262482882 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:57.262553930 CET  443          49725      35.244.181.201   192.168.2.5
Dec 16, 2024 10:01:57.262679100 CET  49725        443        192.168.2.5      35.244.181.201
Dec 16, 2024 10:01:57.622423887 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:57.622530937 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.628243923 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.628269911 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:57.628375053 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.628478050 CET  443          49727      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:57.628526926 CET  49727        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.628771067 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.628798962 CET  443          49730      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:57.628895998 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.630247116 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:57.630259037 CET  443          49730      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:57.721818924 CET  443          49728      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:57.721856117 CET  443          49728      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:57.721982956 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:57.727802038 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:57.727844000 CET  443          49728      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:57.727900982 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:57.728410959 CET  443          49728      34.117.188.166   192.168.2.5
Dec 16, 2024 10:01:57.728485107 CET  49728        443        192.168.2.5      34.117.188.166
Dec 16, 2024 10:01:58.247564077 CET  443          49729      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:58.247638941 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:58.251836061 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:58.251857996 CET  443          49729      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:58.251949072 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:58.252013922 CET  443          49729      34.120.208.123   192.168.2.5
Dec 16, 2024 10:01:58.252099037 CET  49729        443        192.168.2.5      34.120.208.123
Dec 16, 2024 10:01:58.840317011 CET  443          49730      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:58.840401888 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:58.844975948 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:58.844986916 CET  443          49730      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:58.845072985 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:58.845145941 CET  443          49730      34.149.100.209   192.168.2.5
Dec 16, 2024 10:01:58.845211029 CET  49730        443        192.168.2.5      34.149.100.209
Dec 16, 2024 10:01:59.071310043 CET  49723        80         192.168.2.5      34.107.221.82
Dec 16, 2024 10:01:59.191344976 CET  80           49723      34.107.221.82    192.168.2.5
Dec 16, 2024 10:01:59.235693932 CET  49724        80         192.168.2.5      34.107.221.82
Dec 16, 2024 10:01:59.238503933 CET  49734        443        192.168.2.5      34.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.238554955 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.242938995 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.244451046 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.244494915 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.281688929 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.281785011 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.289845943 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.290303946 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.290347099 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.290410995 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.290446997 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.295507908 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.295680046 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.295695066 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.355473042 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.385592937 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.437903881 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.550059080 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.568926096 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.603235006 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.688761950 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.883258104 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.943260908 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.460726023 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.465718985 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.502644062 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.502659082 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.502739906 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.505680084 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:00.505793095 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.688848972 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.688885927 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.689198971 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.691081047 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.691113949 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.692070961 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.695182085 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.695225000 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.695252895 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.695353985 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.695528984 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.695569992 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.697182894 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.697247028 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.697587013 CET4434973634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.698312044 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:01.698318005 CET49736443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.812653065 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.822813988 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.822876930 CET4434975234.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.823335886 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.824839115 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.824857950 CET4434975234.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.932575941 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:06.127650023 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:06.171020985 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.036804914 CET4434975234.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.042330980 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.051969051 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.051994085 CET4434975234.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.052059889 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.052278042 CET4434975234.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.052339077 CET49752443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.508239985 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.628024101 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.822186947 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.876158953 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.768868923 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.888623953 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.070939064 CET44349792151.101.65.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.071033955 CET49792443192.168.2.5151.101.65.91
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.079010010 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.079051018 CET4434979935.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.079477072 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.079585075 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.079593897 CET4434979935.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.080815077 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.080862045 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.081060886 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.081190109 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.081208944 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.082698107 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.082789898 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.082932949 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.083059072 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.083092928 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.168617010 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.172589064 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.183691025 CET4434979335.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.183794975 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.188052893 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.188064098 CET4434979335.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.188153028 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.188481092 CET4434979335.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.191025019 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.197052002 CET49793443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.202306032 CET49802443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.202356100 CET4434980234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.202569008 CET49802443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.202742100 CET49802443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.202758074 CET4434980234.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.292269945 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.310722113 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.491820097 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.505680084 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.515906096 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.556860924 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.635826111 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.829782963 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.873379946 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.297169924 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.297262907 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.300462008 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.300472021 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.300728083 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.303219080 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.303292036 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.303910017 CET4434979935.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.305628061 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.305639029 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.305660009 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.305808067 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.305846930 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.306087971 CET49800443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.306097031 CET4434980035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.306464911 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.308480978 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.308506012 CET4434979935.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.308737993 CET4434979935.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.312730074 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.314263105 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.314337969 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.314486980 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.315357924 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.315440893 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.315458059 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.315515995 CET49799443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.315519094 CET4434979935.244.181.201192.168.2.5
Dec 16, 2024 10:02:23.316035032 CET  49799  443    192.168.2.5     35.244.181.201
Dec 16, 2024 10:02:23.414859056 CET  443    49802  34.149.100.209  192.168.2.5
Dec 16, 2024 10:02:23.415165901 CET  49802  443    192.168.2.5     34.149.100.209
Dec 16, 2024 10:02:23.418312073 CET  49802  443    192.168.2.5     34.149.100.209
Dec 16, 2024 10:02:23.418319941 CET  443    49802  34.149.100.209  192.168.2.5
Dec 16, 2024 10:02:23.418570042 CET  443    49802  34.149.100.209  192.168.2.5
Dec 16, 2024 10:02:23.420912981 CET  49802  443    192.168.2.5     34.149.100.209
Dec 16, 2024 10:02:23.421025038 CET  49802  443    192.168.2.5     34.149.100.209
Dec 16, 2024 10:02:23.421070099 CET  443    49802  34.149.100.209  192.168.2.5
Dec 16, 2024 10:02:23.421241999 CET  49802  443    192.168.2.5     34.149.100.209
Dec 16, 2024 10:02:23.432521105 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:23.511348009 CET  443    49800  35.244.181.201  192.168.2.5
Dec 16, 2024 10:02:23.511430979 CET  49800  443    192.168.2.5     35.244.181.201
Dec 16, 2024 10:02:23.626904964 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:23.631299019 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:23.675688028 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:23.751147032 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:23.945440054 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:23.992291927 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:33.636044979 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:33.756726027 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:33.952445984 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:34.072635889 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:39.357395887 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:39.357453108 CET  443    49844  34.107.243.93   192.168.2.5
Dec 16, 2024 10:02:39.357805967 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:39.359271049 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:39.359285116 CET  443    49844  34.107.243.93   192.168.2.5
Dec 16, 2024 10:02:40.572065115 CET  443    49844  34.107.243.93   192.168.2.5
Dec 16, 2024 10:02:40.572221994 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:40.577280045 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:40.577295065 CET  443    49844  34.107.243.93   192.168.2.5
Dec 16, 2024 10:02:40.577399015 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:40.577440023 CET  443    49844  34.107.243.93   192.168.2.5
Dec 16, 2024 10:02:40.578098059 CET  49844  443    192.168.2.5     34.107.243.93
Dec 16, 2024 10:02:40.580261946 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:40.699975014 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:40.894650936 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:40.898267984 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:40.951057911 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:41.018060923 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:41.212152958 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:41.267563105 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:50.743884087 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:50.743928909 CET  443    49870  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:50.744956017 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:50.744956017 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:50.744987965 CET  443    49870  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:50.773542881 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:50.773586035 CET  443    49871  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:50.776664019 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:50.776819944 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:50.776837111 CET  443    49871  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:50.895031929 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:51.014841080 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:51.227225065 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:51.347028017 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:51.958081007 CET  443    49870  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.958170891 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.961705923 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.961713076 CET  443    49870  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.962276936 CET  443    49870  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.964634895 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.964772940 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.964931965 CET  443    49870  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.968724966 CET  49870  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.969758034 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:51.991343975 CET  443    49871  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.991422892 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.994832039 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.994843006 CET  443    49871  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.995115995 CET  443    49871  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:51.997621059 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.997718096 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:51.997776985 CET  443    49871  34.120.208.123  192.168.2.5
Dec 16, 2024 10:02:52.006469011 CET  49871  443    192.168.2.5     34.120.208.123
Dec 16, 2024 10:02:52.089530945 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:52.284172058 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:52.306526899 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:52.345252037 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:02:52.426783085 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:52.620732069 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:02:52.684058905 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:03:02.312397957 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:03:02.432147026 CET  80     49724  34.107.221.82   192.168.2.5
Dec 16, 2024 10:03:02.628725052 CET  49723  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:03:02.748428106 CET  80     49723  34.107.221.82   192.168.2.5
Dec 16, 2024 10:03:12.441159010 CET  49724  80     192.168.2.5     34.107.221.82
Dec 16, 2024 10:03:12.561171055 CET  80     49724  34.107.221.82   192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:12.757544994 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:12.973110914 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.754389048 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.754451036 CET4434994334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.754816055 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.756285906 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.756309986 CET4434994334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.969901085 CET4434994334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.970010042 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.974966049 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.974977016 CET4434994334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.975061893 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.975126028 CET4434994334.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.975860119 CET49943443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:21.977818966 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.097785950 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.292181015 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.296056986 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.347402096 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.415834904 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.609987974 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.670576096 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:32.299046993 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:32.418966055 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:32.614639044 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:32.734342098 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:42.428028107 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:42.547940969 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:42.744540930 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:42.864284992 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:52.572773933 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:52.692481995 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:52.873800993 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:52.993695974 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:02.704060078 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:02.823698044 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:03.002243996 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:03.122059107 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:12.831218958 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:12.951265097 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:13.132153034 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:13.252070904 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:22.960195065 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:23.080418110 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:23.261224985 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:23.382528067 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:33.089687109 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:33.209580898 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:33.391921997 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:33.511651993 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.990773916 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.990830898 CET4435002434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.991202116 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.992847919 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.992862940 CET4435002434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:43.218352079 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:43.338308096 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:43.534928083 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:43.655335903 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.211258888 CET4435002434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.211458921 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.216886997 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.216912985 CET4435002434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.216981888 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.217396975 CET4435002434.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.217461109 CET50024443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.219890118 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.339835882 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.537338972 CET804972434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.542849064 CET4972380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.585000038 CET4972480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.662745953 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.857300997 CET804972334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.907596111 CET4972380192.168.2.534.107.221.82
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.060870886 CET53580131.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.062453032 CET5350553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.062479019 CET53586311.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.062760115 CET4984353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.199817896 CET53535051.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.199832916 CET53498431.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.507145882 CET5045653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.509603977 CET5286453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.644304037 CET53504561.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.645148039 CET4932253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.647185087 CET53528641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.647784948 CET5643853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.782701015 CET53493221.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.784833908 CET53564381.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:17.877435923 CET4922953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:18.014846087 CET53492291.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:18.016377926 CET6340053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:18.155303955 CET53634001.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:19.238151073 CET4935253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.585448980 CET6399553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.586810112 CET6513953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.593641996 CET5125753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.723370075 CET53639951.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.727370024 CET5836953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.731492043 CET53512571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.798909903 CET53651391.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.800127029 CET6130353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.800410986 CET5937153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.865834951 CET53583691.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.868669987 CET5047253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.937331915 CET53613031.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.937964916 CET53593711.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.938693047 CET5919653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:21.007919073 CET53504721.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:21.075808048 CET53591961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:21.830394030 CET5864553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.311430931 CET5633853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:39.357769012 CET6226553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:39.496016026 CET53622651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:50.745810986 CET5135153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:50.884164095 CET53513511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.614793062 CET6260653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.753238916 CET53626061.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.754764080 CET4975553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.892008066 CET53497551.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.708384991 CET6065453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.847345114 CET53606541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.849436998 CET5825753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.987423897 CET53582571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.990637064 CET5113453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:43.128456116 CET53511341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.220220089 CET5432453192.168.2.51.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 10:01:52.238811016 CET | 192.168.2.5 | 1.1.1.1 | 0x5bb5 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.388108015 CET | 192.168.2.5 | 1.1.1.1 | 0x177c | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:52.794406891 CET | 192.168.2.5 | 1.1.1.1 | 0x3ebc | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.795012951 CET | 192.168.2.5 | 1.1.1.1 | 0x7bd6 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.933588982 CET | 192.168.2.5 | 1.1.1.1 | 0x64d4 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.940793991 CET | 192.168.2.5 | 1.1.1.1 | 0x7e0c | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.061094046 CET | 192.168.2.5 | 1.1.1.1 | 0x29e5 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.076225042 CET | 192.168.2.5 | 1.1.1.1 | 0xa8a3 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.083025932 CET | 192.168.2.5 | 1.1.1.1 | 0x24f2 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.092243910 CET | 192.168.2.5 | 1.1.1.1 | 0xf16 | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.148540020 CET | 192.168.2.5 | 1.1.1.1 | 0xea4a | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.197161913 CET | 192.168.2.5 | 1.1.1.1 | 0xea3a | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.224292994 CET | 192.168.2.5 | 1.1.1.1 | 0xd69e | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.251921892 CET | 192.168.2.5 | 1.1.1.1 | 0xb0f3 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.253423929 CET | 192.168.2.5 | 1.1.1.1 | 0x1618 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.329345942 CET | 192.168.2.5 | 1.1.1.1 | 0xb9c5 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.337039948 CET | 192.168.2.5 | 1.1.1.1 | 0x3346 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.371006012 CET | 192.168.2.5 | 1.1.1.1 | 0x9bdd | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.391520977 CET | 192.168.2.5 | 1.1.1.1 | 0x60c0 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.475428104 CET | 192.168.2.5 | 1.1.1.1 | 0x394e | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.511037111 CET | 192.168.2.5 | 1.1.1.1 | 0x79d9 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.614106894 CET | 192.168.2.5 | 1.1.1.1 | 0xfad | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.649194002 CET | 192.168.2.5 | 1.1.1.1 | 0x65b6 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:54.696466923 CET | 192.168.2.5 | 1.1.1.1 | 0xb229 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.738481998 CET192.168.2.51.1.1.10xd9fdStandard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.739226103 CET192.168.2.51.1.1.10x6aa0Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.834534883 CET192.168.2.51.1.1.10x4b62Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.250327110 CET192.168.2.51.1.1.10x7163Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.254400015 CET192.168.2.51.1.1.10x9c80Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.400150061 CET192.168.2.51.1.1.10x79d6Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.540883064 CET192.168.2.51.1.1.10xd04eStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.164752960 CET192.168.2.51.1.1.10x7d66Standard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.303958893 CET192.168.2.51.1.1.10x40a0Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.444103956 CET192.168.2.51.1.1.10x3de3Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:05.827634096 CET192.168.2.51.1.1.10xd8cfStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.622772932 CET192.168.2.51.1.1.10xf696Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.623068094 CET192.168.2.51.1.1.10x70a6Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.623344898 CET192.168.2.51.1.1.10x2305Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.764332056 CET192.168.2.51.1.1.10x26d4Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.764909029 CET192.168.2.51.1.1.10xf0bStandard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.768676043 CET192.168.2.51.1.1.10x428Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.919015884 CET192.168.2.51.1.1.10x7b3fStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.924072027 CET192.168.2.51.1.1.10xc2ecStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.924381971 CET192.168.2.51.1.1.10xaeb4Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.062453032 CET192.168.2.51.1.1.10x732cStandard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.062760115 CET192.168.2.51.1.1.10xaa17Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.507145882 CET192.168.2.51.1.1.10xf596Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.509603977 CET192.168.2.51.1.1.10xdc45Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.645148039 CET192.168.2.51.1.1.10x9b54Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.647784948 CET192.168.2.51.1.1.10xaa98Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:17.877435923 CET192.168.2.51.1.1.10xc77cStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:18.016377926 CET192.168.2.51.1.1.10xf432Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:19.238151073 CET192.168.2.51.1.1.10x5be6Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.585448980 CET192.168.2.51.1.1.10x518cStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.586810112 CET192.168.2.51.1.1.10x272aStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.593641996 CET192.168.2.51.1.1.10xaea2Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.727370024 CET192.168.2.51.1.1.10xe7bcStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.800127029 CET192.168.2.51.1.1.10xf42bStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.800410986 CET192.168.2.51.1.1.10xbe00Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.868669987 CET192.168.2.51.1.1.10xf043Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:20.938693047 CET192.168.2.51.1.1.10xa83cStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:21.830394030 CET192.168.2.51.1.1.10x85bStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.311430931 CET192.168.2.51.1.1.10xfa99Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:39.357769012 CET192.168.2.51.1.1.10x163cStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:50.745810986 CET192.168.2.51.1.1.10x20d4Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.614793062 CET192.168.2.51.1.1.10x2271Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:20.754764080 CET192.168.2.51.1.1.10x7e19Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.708384991 CET192.168.2.51.1.1.10xc110Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.849436998 CET192.168.2.51.1.1.10xed2dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:42.990637064 CET192.168.2.51.1.1.10x8fe1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.220220089 CET192.168.2.51.1.1.10xb806Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 10:01:52.231086016 CET | 1.1.1.1 | 192.168.2.5 | 0xf097 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.377305984 CET | 1.1.1.1 | 192.168.2.5 | 0x5bb5 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.932188034 CET | 1.1.1.1 | 192.168.2.5 | 0x7bd6 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:01:52.932188034 CET | 1.1.1.1 | 192.168.2.5 | 0x7bd6 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:52.932431936 CET | 1.1.1.1 | 192.168.2.5 | 0x3ebc | No error (0) | youtube.com | | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.072735071 CET | 1.1.1.1 | 192.168.2.5 | 0x64d4 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.077893019 CET | 1.1.1.1 | 192.168.2.5 | 0x7e0c | No error (0) | youtube.com | | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.193676949 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3f | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:01:53.193676949 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3f | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.198271990 CET | 1.1.1.1 | 192.168.2.5 | 0x29e5 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.213198900 CET | 1.1.1.1 | 192.168.2.5 | 0xa8a3 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.223339081 CET | 1.1.1.1 | 192.168.2.5 | 0x24f2 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:01:53.223339081 CET | 1.1.1.1 | 192.168.2.5 | 0x24f2 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.229340076 CET | 1.1.1.1 | 192.168.2.5 | 0xf16 | No error (0) | youtube.com | | | 28 | IN (0x0001) | false
Dec 16, 2024 10:01:53.286156893 CET | 1.1.1.1 | 192.168.2.5 | 0xea4a | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:01:53.286156893 CET | 1.1.1.1 | 192.168.2.5 | 0xea4a | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:01:53.286156893 CET | 1.1.1.1 | 192.168.2.5 | 0xea4a | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.335553885 CET | 1.1.1.1 | 192.168.2.5 | 0xea3a | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:01:53.361478090 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:53.389775038 CET1.1.1.1192.168.2.50xb0f3No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:53.466610909 CET1.1.1.1192.168.2.50xb9c5No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:53.467493057 CET1.1.1.1192.168.2.50x1618No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:53.612746954 CET1.1.1.1192.168.2.50x394eNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:53.648190022 CET1.1.1.1192.168.2.50x79d9No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:53.751600981 CET1.1.1.1192.168.2.50xfadNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.693552017 CET1.1.1.1192.168.2.50x39aNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.833596945 CET1.1.1.1192.168.2.50xb229No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.876369953 CET1.1.1.1192.168.2.50x6aa0No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.876369953 CET1.1.1.1192.168.2.50x6aa0No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:54.876724958 CET1.1.1.1192.168.2.50xd9fdNo error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.387856007 CET1.1.1.1192.168.2.50x7163No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:55.387856007 CET1.1.1.1192.168.2.50x7163No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.034395933 CET1.1.1.1192.168.2.50x7516No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.034395933 CET1.1.1.1192.168.2.50x7516No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.391918898 CET1.1.1.1192.168.2.50x9c80No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.391918898 CET1.1.1.1192.168.2.50x9c80No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:56.537267923 CET1.1.1.1192.168.2.50x79d6No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:57.002427101 CET1.1.1.1192.168.2.50x145No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.302328110 CET1.1.1.1192.168.2.50x7d66No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.302328110 CET1.1.1.1192.168.2.50x7d66No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.302328110 CET1.1.1.1192.168.2.50x7d66No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.441121101 CET1.1.1.1192.168.2.50x40a0No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759845018 CET1.1.1.1192.168.2.50xf696No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759876966 CET1.1.1.1192.168.2.50x70a6No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.759876966 CET1.1.1.1192.168.2.50x70a6No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.760598898 CET1.1.1.1192.168.2.50x2305No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.760598898 CET1.1.1.1192.168.2.50x2305No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901855946 CET1.1.1.1192.168.2.50x26d4No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.901904106 CET1.1.1.1192.168.2.50xf0bNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:08.910108089 CET1.1.1.1192.168.2.50x428No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.059370995 CET1.1.1.1192.168.2.50x7b3fNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.060870886 CET1.1.1.1192.168.2.50xc2ecNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.060870886 CET1.1.1.1192.168.2.50xc2ecNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.060870886 CET1.1.1.1192.168.2.50xc2ecNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.060870886 CET1.1.1.1192.168.2.50xc2ecNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.062479019 CET1.1.1.1192.168.2.50xaeb4No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.199817896 CET1.1.1.1192.168.2.50x732cNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.199817896 CET1.1.1.1192.168.2.50x732cNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.199817896 CET1.1.1.1192.168.2.50x732cNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
Dec 16, 2024 10:02:09.199817896 CET | 1.1.1.1 | 192.168.2.5 | 0x732c | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.199817896 CET | 1.1.1.1 | 192.168.2.5 | 0x732c | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.199832916 CET | 1.1.1.1 | 192.168.2.5 | 0xaa17 | No error (0) | twitter.com | 104.244.42.65 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.644304037 CET | 1.1.1.1 | 192.168.2.5 | 0xf596 | No error (0) | twitter.com | 104.244.42.65 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.647185087 CET | 1.1.1.1 | 192.168.2.5 | 0xdc45 | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.647185087 CET | 1.1.1.1 | 192.168.2.5 | 0xdc45 | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.647185087 CET | 1.1.1.1 | 192.168.2.5 | 0xdc45 | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:09.647185087 CET | 1.1.1.1 | 192.168.2.5 | 0xdc45 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:18.014846087 CET | 1.1.1.1 | 192.168.2.5 | 0xc77c | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:19.376019955 CET | 1.1.1.1 | 192.168.2.5 | 0x5be6 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:02:19.376019955 CET | 1.1.1.1 | 192.168.2.5 | 0x5be6 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.723370075 CET | 1.1.1.1 | 192.168.2.5 | 0x518c | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.723370075 CET | 1.1.1.1 | 192.168.2.5 | 0x518c | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.723370075 CET | 1.1.1.1 | 192.168.2.5 | 0x518c | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.723370075 CET | 1.1.1.1 | 192.168.2.5 | 0x518c | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.731492043 CET | 1.1.1.1 | 192.168.2.5 | 0xaea2 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:02:20.731492043 CET | 1.1.1.1 | 192.168.2.5 | 0xaea2 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.798909903 CET | 1.1.1.1 | 192.168.2.5 | 0x272a | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.865834951 CET | 1.1.1.1 | 192.168.2.5 | 0xe7bc | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.865834951 CET | 1.1.1.1 | 192.168.2.5 | 0xe7bc | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.865834951 CET | 1.1.1.1 | 192.168.2.5 | 0xe7bc | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.865834951 CET | 1.1.1.1 | 192.168.2.5 | 0xe7bc | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:20.937964916 CET | 1.1.1.1 | 192.168.2.5 | 0xbe00 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:21.007919073 CET | 1.1.1.1 | 192.168.2.5 | 0xf043 | No error (0) | services.addons.mozilla.org |  | 28 | IN (0x0001) | false
Dec 16, 2024 10:02:21.007919073 CET | 1.1.1.1 | 192.168.2.5 | 0xf043 | No error (0) | services.addons.mozilla.org |  | 28 | IN (0x0001) | false
Dec 16, 2024 10:02:21.007919073 CET | 1.1.1.1 | 192.168.2.5 | 0xf043 | No error (0) | services.addons.mozilla.org |  | 28 | IN (0x0001) | false
Dec 16, 2024 10:02:21.007919073 CET | 1.1.1.1 | 192.168.2.5 | 0xf043 | No error (0) | services.addons.mozilla.org |  | 28 | IN (0x0001) | false
Dec 16, 2024 10:02:22.168587923 CET | 1.1.1.1 | 192.168.2.5 | 0x85b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:02:22.168587923 CET | 1.1.1.1 | 192.168.2.5 | 0x85b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:23.506858110 CET | 1.1.1.1 | 192.168.2.5 | 0xfa99 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:02:23.506858110 CET | 1.1.1.1 | 192.168.2.5 | 0xfa99 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:02:23.818710089 CET | 1.1.1.1 | 192.168.2.5 | 0x9a3e | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:02:23.818710089 CET | 1.1.1.1 | 192.168.2.5 | 0x9a3e | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:03:20.753238916 CET | 1.1.1.1 | 192.168.2.5 | 0x2271 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:04:42.847345114 CET | 1.1.1.1 | 192.168.2.5 | 0xc110 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:04:42.987423897 CET | 1.1.1.1 | 192.168.2.5 | 0xed2d | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:04:44.357630968 CET | 1.1.1.1 | 192.168.2.5 | 0xb806 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 10:04:44.357630968 CET | 1.1.1.1 | 192.168.2.5 | 0xb806 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49711 | 34.107.221.82 | 80 | 1776 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 10:01:53.055217981 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:01:54.160296917 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 66087
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49723 | 34.107.221.82 | 80 | 1776 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 10:01:55.510385036 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:01:56.594531059 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75792
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:01:59.071310043 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.385592937 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75795
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.568926096 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:01:59.883258104 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75795
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.508239985 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:07.822186947 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75803
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.540484905 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:09.854583025 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75805
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:19.557558060 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:02:19.871541977 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75815
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:02:22.172589064 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:02:22.491820097 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75818
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:02:22.515906096 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:02:22.829782963 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75818
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:02:23.631299019 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:02:23.945440054 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75819
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:02:33.952445984 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 10:02:40.898267984 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:02:41.212152958 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75837
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:02:51.227225065 CET | 6 | OUT | Data Raw: 00
Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:52.306526899 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:52.620732069 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75848
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:02.628725052 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:12.757544994 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.296056986 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:22.609987974 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75878
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:32.614639044 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:42.744540930 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:03:52.873800993 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:03.002243996 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:13.132153034 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:23.261224985 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.542849064 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:04:44.857300997 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 75960
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49724 | 34.107.221.82 | 80 | 1776 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 10:01:55.510524988 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:01:56.595431089 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82351
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:01:59.235693932 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:01:59.550059080 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82354
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:02:05.812653065 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:02:06.127650023 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82360
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:02:08.768868923 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:02:09.083172083 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82363
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:02:19.093477011 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 16, 2024 10:02:19.237874985 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:02:19.553570986 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82374
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:21.829221964 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.168617010 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 82376
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.191025019 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:22.505680084 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 82377
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.312730074 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:23.626904964 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                    Age: 82378
                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:33.636044979 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:02:40.580261946 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:02:40.894650936 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82395
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:02:50.895031929 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:02:51.969758034 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:02:52.284172058 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82407
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:03:02.312397957 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:03:12.441159010 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:03:21.977818966 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:03:22.292181015 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82437
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:03:32.299046993 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:03:42.428028107 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:03:52.572773933 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:04:02.704060078 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:04:12.831218958 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:04:44.219890118 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:04:44.537338972 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 82519
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Target ID: 0
Start time: 04:01:43
Start date: 16/12/2024
Path: C:\Users\user\Desktop\mdPov8VTwi.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\mdPov8VTwi.exe"
Imagebase: 0x4f0000
                                                                                                                                                                                                                                                                                                                                                    File size:964'608 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:1993AD089D3AAC67B807530545D56EC3
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:44
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:44
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:46
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:46
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:46
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
Reputation: high
Has exited: true

Target ID: 7
Start time: 04:01:46
Start date: 16/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 04:01:46
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM opera.exe /T
Imagebase: 0x5c0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 9
Start time: 04:01:46
Start date: 16/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 04:01:47
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM brave.exe /T
Imagebase: 0x5c0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 11
Start time: 04:01:47
Start date: 16/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 12
Start time: 04:01:47
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff79f9e0000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 13
Start time: 04:01:47
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff79f9e0000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 14
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:47
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:49
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2112 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67fa72eb-d6a8-4f63-9d27-8513cda68da4} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17bfd66e510 socket
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:51
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -parentBuildID 20230927232528 -prefsHandle 2756 -prefMapHandle 2944 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {026b4b50-dad8-481f-9093-ead650aec1a6} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17b8d7d5310 rdd
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                                                                                                                                    Start time:04:01:56
                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3528 -prefMapHandle 3392 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b0900ff-a6a0-42cf-ac74-8f9e3697825c} 1776 "\\.\pipe\gecko-crash-server-pipe.1776" 17bfd66df10 utility
                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                    Has exited:false


Execution Graph

Execution Coverage: 2.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 6.4%
Total number of Nodes: 1733
Total number of Limit Nodes: 65
94774->94718 94775->94766 94776->94768 94777->94726 94783 522fa6 LeaveCriticalSection 94778->94783 94780 525331 94780->94725 94781->94727 94782->94730 94783->94780 94785 5253d1 94784->94785 94786 5253e6 94784->94786 94799 51f2c6 20 API calls __dosmaperr 94785->94799 94791 52540b 94786->94791 94801 51f2c6 20 API calls __dosmaperr 94786->94801 94788 5253d6 94800 51f2d9 20 API calls __dosmaperr 94788->94800 94791->94748 94792 525416 94802 51f2d9 20 API calls __dosmaperr 94792->94802 94794 5253de 94794->94748 94795 52541e 94803 5227ec 26 API calls pre_c_initialization 94795->94803 94797->94749 94798->94757 94799->94788 94800->94794 94801->94792 94802->94795 94803->94794 94804 532402 94807 4f1410 94804->94807 94808 4f144f mciSendStringW 94807->94808 94809 5324b8 DestroyWindow 94807->94809 94810 4f146b 94808->94810 94811 4f16c6 94808->94811 94822 5324c4 94809->94822 94812 4f1479 94810->94812 94810->94822 94811->94810 94813 4f16d5 UnregisterHotKey 94811->94813 94840 4f182e 94812->94840 94813->94811 94815 5324e2 FindClose 94815->94822 94816 5324d8 94816->94822 94846 4f6246 CloseHandle 94816->94846 94818 532509 94821 53251c FreeLibrary 94818->94821 94823 53252d 94818->94823 94820 4f148e 94820->94823 94827 4f149c 94820->94827 94821->94818 94822->94815 94822->94816 94822->94818 94824 532541 VirtualFree 94823->94824 94829 4f1509 94823->94829 94824->94823 94825 4f14f8 CoUninitialize 94825->94829 94826 532589 94832 532598 ISource 94826->94832 94847 5632eb 6 API calls ISource 94826->94847 94827->94825 94829->94826 94830 4f1514 94829->94830 94844 4f1944 VirtualFreeEx CloseHandle 94830->94844 94836 532627 94832->94836 94848 5564d4 22 API calls ISource 94832->94848 94834 4f153a 94834->94832 94835 4f161f 94834->94835 94835->94836 94837 4f166d 94835->94837 94836->94836 94837->94836 94845 4f1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 94837->94845 94839 4f16c1 94841 4f183b 94840->94841 94842 4f1480 94841->94842 94849 55702a 22 API calls 94841->94849 
94842->94818 94842->94820 94844->94834 94845->94839 94846->94816 94847->94826 94848->94832 94849->94841 94850 4f105b 94855 4f344d 94850->94855 94852 4f106a 94886 5100a3 29 API calls __onexit 94852->94886 94854 4f1074 94856 4f345d __wsopen_s 94855->94856 94857 4fa961 22 API calls 94856->94857 94858 4f3513 94857->94858 94887 4f3a5a 94858->94887 94860 4f351c 94894 4f3357 94860->94894 94867 4fa961 22 API calls 94868 4f354d 94867->94868 94915 4fa6c3 94868->94915 94871 533176 RegQueryValueExW 94872 533193 94871->94872 94873 53320c RegCloseKey 94871->94873 94874 50fe0b 22 API calls 94872->94874 94875 4f3578 94873->94875 94885 53321e _wcslen 94873->94885 94876 5331ac 94874->94876 94875->94852 94921 4f5722 94876->94921 94877 4f4c6d 22 API calls 94877->94885 94880 5331d4 94881 4f6b57 22 API calls 94880->94881 94882 5331ee ISource 94881->94882 94882->94873 94884 4f515f 22 API calls 94884->94885 94885->94875 94885->94877 94885->94884 94924 4f9cb3 94885->94924 94886->94854 94930 531f50 94887->94930 94890 4f9cb3 22 API calls 94891 4f3a8d 94890->94891 94932 4f3aa2 94891->94932 94893 4f3a97 94893->94860 94895 531f50 __wsopen_s 94894->94895 94896 4f3364 GetFullPathNameW 94895->94896 94897 4f3386 94896->94897 94898 4f6b57 22 API calls 94897->94898 94899 4f33a4 94898->94899 94900 4f33c6 94899->94900 94901 4f33dd 94900->94901 94902 5330bb 94900->94902 94946 4f33ee 94901->94946 94903 50fddb 22 API calls 94902->94903 94906 5330c5 _wcslen 94903->94906 94905 4f33e8 94909 4f515f 94905->94909 94907 50fe0b 22 API calls 94906->94907 94908 5330fe __fread_nolock 94907->94908 94910 4f516e 94909->94910 94914 4f518f __fread_nolock 94909->94914 94913 50fe0b 22 API calls 94910->94913 94911 50fddb 22 API calls 94912 4f3544 94911->94912 94912->94867 94913->94914 94914->94911 94916 4fa6dd 94915->94916 94920 4f3556 RegOpenKeyExW 94915->94920 94917 50fddb 22 API calls 94916->94917 94918 4fa6e7 94917->94918 94919 50fe0b 22 API calls 94918->94919 94919->94920 94920->94871 94920->94875 94922 50fddb 22 API 
calls 94921->94922 94923 4f5734 RegQueryValueExW 94922->94923 94923->94880 94923->94882 94925 4f9cc2 _wcslen 94924->94925 94926 50fe0b 22 API calls 94925->94926 94927 4f9cea __fread_nolock 94926->94927 94928 50fddb 22 API calls 94927->94928 94929 4f9d00 94928->94929 94929->94885 94931 4f3a67 GetModuleFileNameW 94930->94931 94931->94890 94933 531f50 __wsopen_s 94932->94933 94934 4f3aaf GetFullPathNameW 94933->94934 94935 4f3ace 94934->94935 94936 4f3ae9 94934->94936 94937 4f6b57 22 API calls 94935->94937 94938 4fa6c3 22 API calls 94936->94938 94939 4f3ada 94937->94939 94938->94939 94942 4f37a0 94939->94942 94943 4f37ae 94942->94943 94944 4f93b2 22 API calls 94943->94944 94945 4f37c2 94944->94945 94945->94893 94947 4f33fe _wcslen 94946->94947 94948 53311d 94947->94948 94949 4f3411 94947->94949 94951 50fddb 22 API calls 94948->94951 94956 4fa587 94949->94956 94953 533127 94951->94953 94952 4f341e __fread_nolock 94952->94905 94954 50fe0b 22 API calls 94953->94954 94955 533157 __fread_nolock 94954->94955 94957 4fa59d 94956->94957 94960 4fa598 __fread_nolock 94956->94960 94958 53f80f 94957->94958 94959 50fe0b 22 API calls 94957->94959 94959->94960 94960->94952 94961 542a00 94977 4fd7b0 ISource 94961->94977 94962 4fdb11 PeekMessageW 94962->94977 94963 4fd807 GetInputState 94963->94962 94963->94977 94964 541cbe TranslateAcceleratorW 94964->94977 94966 4fdb8f PeekMessageW 94966->94977 94967 4fda04 timeGetTime 94967->94977 94968 4fdb73 TranslateMessage DispatchMessageW 94968->94966 94969 4fdbaf Sleep 94969->94977 94970 542b74 Sleep 94983 542a51 94970->94983 94973 541dda timeGetTime 95144 50e300 23 API calls 94973->95144 94976 542c0b GetExitCodeProcess 94981 542c37 CloseHandle 94976->94981 94982 542c21 WaitForSingleObject 94976->94982 94977->94962 94977->94963 94977->94964 94977->94966 94977->94967 94977->94968 94977->94969 94977->94970 94977->94973 94979 4fd9d5 94977->94979 94977->94983 94993 4fdd50 94977->94993 95000 4fdfd0 94977->95000 95023 4fbf40 94977->95023 95081 
50edf6 94977->95081 95086 501310 94977->95086 95143 50e551 timeGetTime 94977->95143 95145 563a2a 23 API calls 94977->95145 95146 4fec40 94977->95146 95170 56359c 82 API calls __wsopen_s 94977->95170 94978 5829bf GetForegroundWindow 94978->94983 94981->94983 94982->94977 94982->94981 94983->94976 94983->94977 94983->94978 94983->94979 94984 542ca9 Sleep 94983->94984 95171 575658 23 API calls 94983->95171 95172 55e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 94983->95172 95173 50e551 timeGetTime 94983->95173 95174 55d4dc CreateToolhelp32Snapshot Process32FirstW 94983->95174 94984->94977 94994 4fdd6f 94993->94994 94996 4fdd83 94993->94996 95184 4fd260 94994->95184 95216 56359c 82 API calls __wsopen_s 94996->95216 94997 4fdd7a 94997->94977 94999 542f75 94999->94999 95002 4fe010 95000->95002 95001 4fec40 348 API calls 95020 4fe0dc ISource 95001->95020 95002->95020 95229 510242 5 API calls __Init_thread_wait 95002->95229 95005 542fca 95007 4fa961 22 API calls 95005->95007 95005->95020 95006 4fa961 22 API calls 95006->95020 95008 542fe4 95007->95008 95230 5100a3 29 API calls __onexit 95008->95230 95012 542fee 95231 5101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95012->95231 95017 56359c 82 API calls 95017->95020 95018 4fe3e1 95018->94977 95019 5004f0 22 API calls 95019->95020 95020->95001 95020->95006 95020->95017 95020->95018 95020->95019 95226 4fa8c7 22 API calls __fread_nolock 95020->95226 95227 4fa81b 41 API calls 95020->95227 95228 50a308 348 API calls 95020->95228 95232 510242 5 API calls __Init_thread_wait 95020->95232 95233 5100a3 29 API calls __onexit 95020->95233 95234 5101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95020->95234 95235 5747d4 348 API calls 95020->95235 95236 5768c1 348 API calls 95020->95236 95237 4fadf0 95023->95237 95025 4fbf9d 95026 5404b6 95025->95026 95027 4fbfa9 95025->95027 95265 56359c 82 API calls __wsopen_s 95026->95265 95029 4fc01e 95027->95029 
95030 5404c6 95027->95030 95242 4fac91 95029->95242 95266 56359c 82 API calls __wsopen_s 95030->95266 95033 4fc7da 95037 50fe0b 22 API calls 95033->95037 95042 4fc808 __fread_nolock 95037->95042 95040 5404f5 95043 54055a 95040->95043 95267 50d217 348 API calls 95040->95267 95047 50fe0b 22 API calls 95042->95047 95064 4fc603 95043->95064 95268 56359c 82 API calls __wsopen_s 95043->95268 95044 4faf8a 22 API calls 95051 4fc039 ISource __fread_nolock 95044->95051 95045 557120 22 API calls 95045->95051 95046 54091a 95277 563209 23 API calls 95046->95277 95052 4fc350 ISource __fread_nolock 95047->95052 95048 50fddb 22 API calls 95048->95051 95051->95033 95051->95040 95051->95042 95051->95043 95051->95044 95051->95045 95051->95046 95051->95048 95053 4fec40 348 API calls 95051->95053 95054 5408a5 95051->95054 95058 540591 95051->95058 95059 5408f6 95051->95059 95063 4fbbe0 40 API calls 95051->95063 95051->95064 95066 4faceb 23 API calls 95051->95066 95067 4fc237 95051->95067 95070 50fe0b 22 API calls 95051->95070 95076 5409bf 95051->95076 95246 4fad81 95051->95246 95270 557099 22 API calls __fread_nolock 95051->95270 95271 575745 54 API calls _wcslen 95051->95271 95272 50aa42 22 API calls ISource 95051->95272 95273 55f05c 40 API calls 95051->95273 95274 4fa993 41 API calls 95051->95274 95080 4fc3ac 95052->95080 95264 50ce17 22 API calls ISource 95052->95264 95053->95051 95055 4fec40 348 API calls 95054->95055 95057 5408cf 95055->95057 95057->95064 95275 4fa81b 41 API calls 95057->95275 95269 56359c 82 API calls __wsopen_s 95058->95269 95276 56359c 82 API calls __wsopen_s 95059->95276 95063->95051 95064->94977 95066->95051 95068 4fc253 95067->95068 95278 4fa8c7 22 API calls __fread_nolock 95067->95278 95071 540976 95068->95071 95074 4fc297 ISource 95068->95074 95070->95051 95073 4faceb 23 API calls 95071->95073 95073->95076 95074->95076 95253 4faceb 95074->95253 95076->95064 95279 56359c 82 API calls __wsopen_s 95076->95279 95077 4fc335 95077->95076 95078 4fc342 
95077->95078 95263 4fa704 22 API calls ISource 95078->95263 95080->94977 95082 50ee09 95081->95082 95083 50ee12 95081->95083 95082->94977 95083->95082 95084 50ee36 IsDialogMessageW 95083->95084 95085 54efaf GetClassLongW 95083->95085 95084->95082 95084->95083 95085->95083 95085->95084 95087 5017b0 95086->95087 95088 501376 95086->95088 95320 510242 5 API calls __Init_thread_wait 95087->95320 95089 501390 95088->95089 95090 546331 95088->95090 95092 501940 9 API calls 95089->95092 95324 57709c 348 API calls 95090->95324 95095 5013a0 95092->95095 95094 5017ba 95097 5017fb 95094->95097 95099 4f9cb3 22 API calls 95094->95099 95098 501940 9 API calls 95095->95098 95096 54633d 95096->94977 95101 546346 95097->95101 95103 50182c 95097->95103 95100 5013b6 95098->95100 95106 5017d4 95099->95106 95100->95097 95102 5013ec 95100->95102 95325 56359c 82 API calls __wsopen_s 95101->95325 95102->95101 95126 501408 __fread_nolock 95102->95126 95105 4faceb 23 API calls 95103->95105 95107 501839 95105->95107 95321 5101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95106->95321 95322 50d217 348 API calls 95107->95322 95110 54636e 95326 56359c 82 API calls __wsopen_s 95110->95326 95111 50152f 95113 5463d1 95111->95113 95114 50153c 95111->95114 95328 575745 54 API calls _wcslen 95113->95328 95116 501940 9 API calls 95114->95116 95117 501549 95116->95117 95121 5464fa 95117->95121 95123 501940 9 API calls 95117->95123 95118 50fddb 22 API calls 95118->95126 95119 501872 95323 50faeb 23 API calls 95119->95323 95120 50fe0b 22 API calls 95120->95126 95130 546369 95121->95130 95330 56359c 82 API calls __wsopen_s 95121->95330 95128 501563 95123->95128 95125 4fec40 348 API calls 95125->95126 95126->95107 95126->95110 95126->95111 95126->95118 95126->95120 95126->95125 95127 5463b2 95126->95127 95126->95130 95327 56359c 82 API calls __wsopen_s 95127->95327 95128->95121 95133 5015c7 ISource 95128->95133 95329 4fa8c7 22 API calls __fread_nolock 95128->95329 95130->94977 95132 
501940 9 API calls 95132->95133 95133->95119 95133->95121 95133->95130 95133->95132 95136 50167b ISource 95133->95136 95291 57abf7 95133->95291 95296 57a2ea 95133->95296 95301 50f645 95133->95301 95308 57ab67 95133->95308 95311 565c5a 95133->95311 95316 581591 95133->95316 95134 50171d 95134->94977 95136->95134 95319 50ce17 22 API calls ISource 95136->95319 95143->94977 95144->94977 95145->94977 95167 4fec76 ISource 95146->95167 95147 5100a3 29 API calls pre_c_initialization 95147->95167 95148 50fddb 22 API calls 95148->95167 95150 4ffef7 95163 4fed9d ISource 95150->95163 95565 4fa8c7 22 API calls __fread_nolock 95150->95565 95152 544600 95152->95163 95564 4fa8c7 22 API calls __fread_nolock 95152->95564 95153 544b0b 95567 56359c 82 API calls __wsopen_s 95153->95567 95157 4fa8c7 22 API calls 95157->95167 95160 510242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95160->95167 95161 4ffbe3 95161->95163 95164 544bdc 95161->95164 95169 4ff3ae ISource 95161->95169 95162 4fa961 22 API calls 95162->95167 95163->94977 95568 56359c 82 API calls __wsopen_s 95164->95568 95166 544beb 95569 56359c 82 API calls __wsopen_s 95166->95569 95167->95147 95167->95148 95167->95150 95167->95152 95167->95153 95167->95157 95167->95160 95167->95161 95167->95162 95167->95163 95167->95166 95168 5101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95167->95168 95167->95169 95502 5001e0 95167->95502 95563 5006a0 41 API calls ISource 95167->95563 95168->95167 95169->95163 95566 56359c 82 API calls __wsopen_s 95169->95566 95170->94977 95171->94983 95172->94983 95173->94983 95600 55def7 95174->95600 95176 55d529 Process32NextW 95177 55d5db CloseHandle 95176->95177 95182 55d522 95176->95182 95177->94983 95178 4fa961 22 API calls 95178->95182 95179 4f9cb3 22 API calls 95179->95182 95182->95176 95182->95177 95182->95178 95182->95179 95606 4f525f 22 API calls 95182->95606 95607 4f6350 22 API calls 
95182->95607 95608 50ce60 41 API calls 95182->95608 95185 4fec40 348 API calls 95184->95185 95189 4fd29d 95185->95189 95186 4fd30b ISource 95186->94997 95187 4fd6d5 95187->95186 95198 50fe0b 22 API calls 95187->95198 95189->95186 95189->95187 95190 4fd3c3 95189->95190 95196 4fd4b8 95189->95196 95197 50fddb 22 API calls 95189->95197 95202 541bc4 95189->95202 95211 4fd429 ISource __fread_nolock 95189->95211 95190->95187 95192 4fd3ce 95190->95192 95191 4fd5ff 95194 541bb5 95191->95194 95195 4fd614 95191->95195 95193 50fddb 22 API calls 95192->95193 95205 4fd3d5 __fread_nolock 95193->95205 95224 575705 23 API calls 95194->95224 95200 50fddb 22 API calls 95195->95200 95201 50fe0b 22 API calls 95196->95201 95197->95189 95198->95205 95208 4fd46a 95200->95208 95201->95211 95225 56359c 82 API calls __wsopen_s 95202->95225 95203 50fddb 22 API calls 95204 4fd3f6 95203->95204 95204->95211 95217 4fbec0 348 API calls 95204->95217 95205->95203 95205->95204 95207 541ba4 95223 56359c 82 API calls __wsopen_s 95207->95223 95208->94997 95211->95191 95211->95207 95211->95208 95212 541b7f 95211->95212 95214 541b5d 95211->95214 95218 4f1f6f 95211->95218 95222 56359c 82 API calls __wsopen_s 95212->95222 95221 56359c 82 API calls __wsopen_s 95214->95221 95216->94999 95217->95211 95219 4fec40 348 API calls 95218->95219 95220 4f1f98 95219->95220 95220->95211 95221->95208 95222->95208 95223->95208 95224->95202 95225->95186 95226->95020 95227->95020 95228->95020 95229->95005 95230->95012 95231->95020 95232->95020 95233->95020 95234->95020 95235->95020 95236->95020 95238 4fae01 95237->95238 95241 4fae1c ISource 95237->95241 95239 4faec9 22 API calls 95238->95239 95240 4fae09 CharUpperBuffW 95239->95240 95240->95241 95241->95025 95243 4facae 95242->95243 95244 4facd1 95243->95244 95280 56359c 82 API calls __wsopen_s 95243->95280 95244->95051 95247 53fadb 95246->95247 95248 4fad92 95246->95248 95249 50fddb 22 API calls 95248->95249 95250 4fad99 95249->95250 95281 4fadcd 95250->95281 95254 4facf9 
95253->95254 95262 4fad2a ISource 95253->95262 95255 4fad55 95254->95255 95257 4fad01 ISource 95254->95257 95255->95262 95289 4fa8c7 22 API calls __fread_nolock 95255->95289 95258 53fa48 95257->95258 95259 4fad21 95257->95259 95257->95262 95258->95262 95290 50ce17 22 API calls ISource 95258->95290 95261 53fa3a VariantClear 95259->95261 95259->95262 95261->95262 95262->95077 95263->95052 95264->95052 95265->95030 95266->95064 95267->95043 95268->95064 95269->95064 95270->95051 95271->95051 95272->95051 95273->95051 95274->95051 95275->95059 95276->95064 95277->95067 95278->95068 95279->95064 95280->95244 95285 4faddd 95281->95285 95282 4fadb6 95282->95051 95283 50fddb 22 API calls 95283->95285 95284 4fa961 22 API calls 95284->95285 95285->95282 95285->95283 95285->95284 95287 4fadcd 22 API calls 95285->95287 95288 4fa8c7 22 API calls __fread_nolock 95285->95288 95287->95285 95288->95285 95289->95262 95290->95262 95331 57aff9 95291->95331 95293 57ac54 95293->95133 95294 57ac0c 95294->95293 95295 4faceb 23 API calls 95294->95295 95295->95293 95297 4f7510 53 API calls 95296->95297 95298 57a306 95297->95298 95299 55d4dc 47 API calls 95298->95299 95300 57a315 95299->95300 95300->95133 95302 4fb567 39 API calls 95301->95302 95303 50f659 95302->95303 95304 50f661 timeGetTime 95303->95304 95305 54f2dc Sleep 95303->95305 95306 4fb567 39 API calls 95304->95306 95307 50f677 95306->95307 95307->95133 95309 57aff9 217 API calls 95308->95309 95310 57ab79 95309->95310 95310->95133 95312 4f7510 53 API calls 95311->95312 95313 565c6d 95312->95313 95486 55dbbe lstrlenW 95313->95486 95315 565c77 95315->95133 95491 582ad8 95316->95491 95318 58159f 95318->95133 95319->95136 95320->95094 95321->95097 95322->95119 95323->95119 95324->95096 95325->95130 95326->95130 95327->95130 95328->95128 95329->95133 95330->95130 95332 57b01d ___scrt_fastfail 95331->95332 95333 57b094 95332->95333 95334 57b058 95332->95334 95336 4fb567 39 API calls 95333->95336 95345 57b08b 95333->95345 95452 4fb567 
95334->95452 95339 57b0a5 95336->95339 95337 57b063 95342 4fb567 39 API calls 95337->95342 95337->95345 95341 4fb567 39 API calls 95339->95341 95341->95345 95346 57b078 95342->95346 95343 4fb567 39 API calls 95347 57b0ed 95343->95347 95345->95343 95345->95347 95349 4fb567 39 API calls 95346->95349 95422 4f7510 95347->95422 95348 57b115 95350 57b11f 95348->95350 95351 57b1d8 95348->95351 95349->95345 95352 4f7510 53 API calls 95350->95352 95353 57b20a GetCurrentDirectoryW 95351->95353 95356 4f7510 53 API calls 95351->95356 95354 57b130 95352->95354 95355 50fe0b 22 API calls 95353->95355 95357 4f7620 22 API calls 95354->95357 95358 57b22f GetCurrentDirectoryW 95355->95358 95359 57b1ef 95356->95359 95361 57b13a 95357->95361 95362 57b23c 95358->95362 95360 4f7620 22 API calls 95359->95360 95363 57b1f9 _wcslen 95360->95363 95364 4f7510 53 API calls 95361->95364 95366 57b275 95362->95366 95457 4f9c6e 22 API calls 95362->95457 95363->95353 95363->95366 95365 57b14b 95364->95365 95367 4f7620 22 API calls 95365->95367 95371 57b287 95366->95371 95372 57b28b 95366->95372 95369 57b155 95367->95369 95373 4f7510 53 API calls 95369->95373 95370 57b255 95458 4f9c6e 22 API calls 95370->95458 95379 57b39a CreateProcessW 95371->95379 95380 57b2f8 95371->95380 95460 5607c0 10 API calls 95372->95460 95376 57b166 95373->95376 95381 4f7620 22 API calls 95376->95381 95377 57b265 95459 4f9c6e 22 API calls 95377->95459 95378 57b294 95461 5606e6 10 API calls 95378->95461 95421 57b32f _wcslen 95379->95421 95463 5511c8 39 API calls 95380->95463 95383 57b170 95381->95383 95386 57b1a6 GetSystemDirectoryW 95383->95386 95391 4f7510 53 API calls 95383->95391 95393 50fe0b 22 API calls 95386->95393 95387 57b2aa 95462 5605a7 8 API calls 95387->95462 95388 57b2fd 95389 57b323 95388->95389 95390 57b32a 95388->95390 95464 551201 128 API calls 2 library calls 95389->95464 95465 5514ce 6 API calls 95390->95465 95395 57b187 95391->95395 95398 57b1cb GetSystemDirectoryW 95393->95398 95400 4f7620 22 API calls 
95395->95400 95397 57b2d0 95397->95371 95398->95362 95399 57b328 95399->95421 95401 57b191 _wcslen 95400->95401 95401->95362 95401->95386 95402 57b3d6 GetLastError 95411 57b41a 95402->95411 95403 57b42f CloseHandle 95404 57b43f 95403->95404 95412 57b49a 95403->95412 95406 57b446 CloseHandle 95404->95406 95407 57b451 95404->95407 95406->95407 95409 57b463 95407->95409 95410 57b458 CloseHandle 95407->95410 95408 57b4a6 95408->95411 95413 57b475 95409->95413 95414 57b46a CloseHandle 95409->95414 95410->95409 95449 560175 95411->95449 95412->95408 95418 57b4d2 CloseHandle 95412->95418 95466 5609d9 34 API calls 95413->95466 95414->95413 95417 57b486 95467 57b536 25 API calls 95417->95467 95418->95411 95421->95402 95421->95403 95423 4f7525 95422->95423 95424 4f7522 95422->95424 95425 4f752d 95423->95425 95426 4f755b 95423->95426 95445 4f7620 95424->95445 95468 5151c6 26 API calls 95425->95468 95428 5350f6 95426->95428 95431 4f756d 95426->95431 95436 53500f 95426->95436 95471 515183 26 API calls 95428->95471 95429 4f753d 95435 50fddb 22 API calls 95429->95435 95469 50fb21 51 API calls 95431->95469 95432 53510e 95432->95432 95437 4f7547 95435->95437 95439 50fe0b 22 API calls 95436->95439 95444 535088 95436->95444 95438 4f9cb3 22 API calls 95437->95438 95438->95424 95440 535058 95439->95440 95441 50fddb 22 API calls 95440->95441 95442 53507f 95441->95442 95443 4f9cb3 22 API calls 95442->95443 95443->95444 95470 50fb21 51 API calls 95444->95470 95446 4f762a _wcslen 95445->95446 95447 50fe0b 22 API calls 95446->95447 95448 4f763f 95447->95448 95448->95348 95472 56030f 95449->95472 95453 4fb578 95452->95453 95454 4fb57f 95452->95454 95453->95454 95485 5162d1 39 API calls _strftime 95453->95485 95454->95337 95456 4fb5c2 95456->95337 95457->95370 95458->95377 95459->95366 95460->95378 95461->95387 95462->95397 95463->95388 95464->95399 95465->95421 95466->95417 95467->95412 95468->95429 95469->95429 95470->95428 95471->95432 95473 560321 CloseHandle 95472->95473 95474 560329 
95472->95474 95473->95474 95475 560336 95474->95475 95476 56032e CloseHandle 95474->95476 95477 560343 95475->95477 95478 56033b CloseHandle 95475->95478 95476->95475 95479 560350 95477->95479 95480 560348 CloseHandle 95477->95480 95478->95477 95481 560355 CloseHandle 95479->95481 95482 56035d 95479->95482 95480->95479 95481->95482 95483 560362 CloseHandle 95482->95483 95484 56017d 95482->95484 95483->95484 95484->95294 95485->95456 95487 55dc06 95486->95487 95488 55dbdc GetFileAttributesW 95486->95488 95487->95315 95488->95487 95489 55dbe8 FindFirstFileW 95488->95489 95489->95487 95490 55dbf9 FindClose 95489->95490 95490->95487 95492 4faceb 23 API calls 95491->95492 95493 582af3 95492->95493 95494 582b1d 95493->95494 95495 582aff 95493->95495 95496 4f6b57 22 API calls 95494->95496 95497 4f7510 53 API calls 95495->95497 95499 582b1b 95496->95499 95498 582b0c 95497->95498 95498->95499 95501 4fa8c7 22 API calls __fread_nolock 95498->95501 95499->95318 95501->95499 95503 500206 95502->95503 95519 50027e 95502->95519 95504 500213 95503->95504 95505 545411 95503->95505 95512 545435 95504->95512 95515 50021d 95504->95515 95588 577b7e 348 API calls 2 library calls 95505->95588 95507 545405 95587 56359c 82 API calls __wsopen_s 95507->95587 95508 545466 95513 545471 95508->95513 95514 545493 95508->95514 95509 4fec40 348 API calls 95509->95519 95512->95508 95518 54544d 95512->95518 95590 577b7e 348 API calls 2 library calls 95513->95590 95570 575689 95514->95570 95539 500230 ISource 95515->95539 95593 4fa8c7 22 API calls __fread_nolock 95515->95593 95517 500405 95517->95167 95589 56359c 82 API calls __wsopen_s 95518->95589 95519->95509 95519->95517 95524 5451b9 95519->95524 95538 5003f9 95519->95538 95546 5451ce ISource 95519->95546 95547 5003b2 ISource 95519->95547 95548 500344 95519->95548 95522 545332 95522->95539 95586 4fa8c7 22 API calls __fread_nolock 95522->95586 95583 56359c 82 API calls __wsopen_s 95524->95583 95525 54568a 95531 5456c0 95525->95531 95595 577771 67 
API calls 95525->95595 95530 545532 95591 561119 22 API calls 95530->95591 95533 4faceb 23 API calls 95531->95533 95537 500273 ISource 95533->95537 95534 545668 95540 4f7510 53 API calls 95534->95540 95536 54569e 95541 4f7510 53 API calls 95536->95541 95537->95167 95538->95517 95582 56359c 82 API calls __wsopen_s 95538->95582 95539->95525 95539->95537 95594 577632 54 API calls __wsopen_s 95539->95594 95553 545670 _wcslen 95540->95553 95555 5456a6 _wcslen 95541->95555 95544 5454b9 95577 560acc 95544->95577 95545 545544 95592 4fa673 22 API calls 95545->95592 95546->95537 95546->95547 95584 56359c 82 API calls __wsopen_s 95546->95584 95547->95507 95547->95522 95547->95537 95547->95539 95585 50a308 348 API calls 95547->95585 95548->95538 95581 5004f0 22 API calls 95548->95581 95551 5003a5 95551->95538 95551->95547 95553->95525 95556 4faceb 23 API calls 95553->95556 95555->95531 95558 4faceb 23 API calls 95555->95558 95556->95525 95557 501310 348 API calls 95557->95539 95558->95531 95559 54554d 95560 560acc 22 API calls 95559->95560 95561 545566 95560->95561 95562 4fbf40 348 API calls 95561->95562 95562->95539 95563->95167 95564->95163 95565->95163 95566->95163 95567->95163 95568->95166 95569->95163 95571 5756a4 95570->95571 95576 54549e 95570->95576 95572 50fe0b 22 API calls 95571->95572 95574 5756c6 95572->95574 95573 50fddb 22 API calls 95573->95574 95574->95573 95574->95576 95596 560a59 95574->95596 95576->95530 95576->95544 95578 5454e3 95577->95578 95579 560ada 95577->95579 95578->95557 95579->95578 95580 50fddb 22 API calls 95579->95580 95580->95578 95581->95551 95582->95537 95583->95546 95584->95547 95585->95547 95586->95539 95587->95505 95588->95539 95589->95537 95590->95539 95591->95545 95592->95559 95593->95539 95594->95534 95595->95536 95597 560a7a 95596->95597 95598 50fddb 22 API calls 95597->95598 95599 560a85 95597->95599 95598->95599 95599->95574 95604 55df02 95600->95604 95601 55df19 95610 5162fb 39 API calls _strftime 95601->95610 95604->95601 95605 
(Call-graph edge list omitted: this span held the raw node and edge data behind the rendered function graph, which does not survive as readable text.)

Control-flow Graph

• Executed
• Not Executed
control_flow_graph for function 004F42DE: basic-block edge data omitted (the entry block 4f42de-4f434d calls 4fa961, GetVersionExW and 4f6b57; the remaining blocks reach GetCurrentProcess/IsWow64Process, LoadLibraryA, GetProcAddress, GetNativeSystemInfo, FreeLibrary and GetSystemInfo, as listed under APIs).
APIs
• GetVersionExW.KERNEL32(?), ref: 004F430D
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
• GetCurrentProcess.KERNEL32(?,0058CB64,00000000,?,?), ref: 004F4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 004F4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 004F4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 004F4466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 004F4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 004F447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 004F44A0
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 710b43d934ff1eed517e4edb07e14542cce83ec1f580481210aa4026e0b72be8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6b81fa5c1b001c5696f9db8654650fac93d5a236c42a967e1b7b4aedc5394d8f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 710b43d934ff1eed517e4edb07e14542cce83ec1f580481210aa4026e0b72be8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26A1143191AEC4CFC712C7A87C419A63FA47B73F48B145D99D441A3A23D638460DEB2E

Control-flow Graph (basic blocks with their successors, as recorded in the graph data)
• 4f42a2-4f42ba CreateStreamOnHGlobal -> 4f42bc-4f42d3, 4f42da-4f42dd
• 4f42bc-4f42d3 FindResourceExW -> 4f42d9, 5335ba-5335c9
• 4f42d9 -> 4f42da-4f42dd
• 4f42da-4f42dd (no successors)
• 5335ba-5335c9 LoadResource -> 4f42d9, 5335cf-5335dd
• 5335cf-5335dd SizeofResource -> 4f42d9, 5335e3-5335ee
• 5335e3-5335ee LockResource -> 4f42d9, 5335f4-533612
• 5335f4-533612 -> 4f42d9
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,004F50AA,?,?,00000000,00000000), ref: 004F42B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,004F50AA,?,?,00000000,00000000), ref: 004F42C9
• LoadResource.KERNEL32(?,00000000,?,?,004F50AA,?,?,00000000,00000000,?,?,?,?,?,?,004F4F20), ref: 005335BE
• SizeofResource.KERNEL32(?,00000000,?,?,004F50AA,?,?,00000000,00000000,?,?,?,?,?,?,004F4F20), ref: 005335D3
• LockResource.KERNEL32(004F50AA,?,?,004F50AA,?,?,00000000,00000000,?,?,?,?,?,?,004F4F20,?), ref: 005335E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 15f83ed939a37e651509a092ae384fc5d9a62843a479c99c2ec9075e1183d44a
• Instruction ID: a1656488022dcaf32c65ef728da209c720ff0fbd563d9dde438c271eac9d1236
• Opcode Fuzzy Hash: 15f83ed939a37e651509a092ae384fc5d9a62843a479c99c2ec9075e1183d44a
• Instruction Fuzzy Hash: 47117C74200704BFE7218B65DC48F277FB9EBD5B91F1081AAF902A66A0DB71D8049B30
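The FindResourceExW call above asks for resource type 0000000A (RT_RCDATA) with the name SCRIPT and then reads it through LoadResource, SizeofResource and LockResource; that is the resource in which compiled AutoIt executables store their script, and it is the static counterpart of the "Binary is likely a compiled AutoIt script file" signature. The following script is an added triage example, not part of the Joe Sandbox report and not code from the sample: it walks a PE's resource tree with the standard library only and reports whether an RT_RCDATA resource named SCRIPT exists. Because the sample itself is not available here, the PE it is run against is a constructed minimal image built by build_test_pe (section layout, addresses and the empty payload are all made up for the test); pass a real file path on the command line to check an actual binary.

```python
"""Check a PE for the RT_RCDATA/"SCRIPT" resource used by compiled AutoIt scripts."""
import struct

RT_RCDATA = 10              # resource type 0xA, as passed to FindResourceExW in the report
SUBDIR_FLAG = 0x80000000    # high bit set: entry points at a subdirectory or a name string


def _pe_headers(data):
    """Return (number_of_sections, optional_header_offset, optional_header_size)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    return num_sections, e_lfanew + 24, size_opt


def _rva_to_offset(data, rva):
    """Map a relative virtual address to a file offset via the section table."""
    num_sections, opt, size_opt = _pe_headers(data)
    sec_table = opt + size_opt
    for i in range(num_sections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sec_table + i * 40 + 8)
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError("RVA %#x is not backed by any section" % rva)


def _resource_directory(data):
    """RVA and size of data directory entry 2 (resources); (0, 0) when absent."""
    _, opt, _ = _pe_headers(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    dd = opt + (96 if magic == 0x10B else 112)      # PE32 vs PE32+ data directory start
    if struct.unpack_from("<I", data, dd - 4)[0] < 3:  # NumberOfRvaAndSizes
        return 0, 0
    return struct.unpack_from("<II", data, dd + 2 * 8)


def _entries(data, base, dir_off):
    """Yield (name_or_id, offset_to_data) for each entry of one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_id = struct.unpack_from("<HH", data, base + dir_off + 12)
    for i in range(n_named + n_id):
        yield struct.unpack_from("<II", data, base + dir_off + 16 + i * 8)


def _entry_name(data, base, name_field):
    """Decode the IMAGE_RESOURCE_DIR_STRING_U (length-prefixed UTF-16) of a named entry."""
    off = base + (name_field & 0x7FFFFFFF)
    length = struct.unpack_from("<H", data, off)[0]
    return data[off + 2:off + 2 + 2 * length].decode("utf-16-le")


def has_autoit_script_resource(data):
    """True when the image carries an RT_RCDATA resource named SCRIPT (case-insensitive)."""
    rva, size = _resource_directory(data)
    if rva == 0 or size == 0:
        return False
    base = _rva_to_offset(data, rva)
    for type_field, type_off in _entries(data, base, 0):          # level 1: resource types
        if type_field & SUBDIR_FLAG or type_field != RT_RCDATA or not type_off & SUBDIR_FLAG:
            continue
        for name_field, _ in _entries(data, base, type_off & 0x7FFFFFFF):  # level 2: names
            if name_field & SUBDIR_FLAG and _entry_name(data, base, name_field).upper() == "SCRIPT":
                return True
    return False


def build_test_pe(resource_name="SCRIPT", resource_type=RT_RCDATA):
    """Constructed minimal PE32 with one .rsrc section holding a single resource.
    Synthetic test input only; it is not the analysed sample."""
    if len(resource_name) > 7:
        raise ValueError("test builder reserves 16 bytes for the name string")
    rsrc_va, rsrc_ptr = 0x3000, 0x200
    # Blob offsets (relative to the resource base): 0 type dir, 16 type entry, 24 name dir,
    # 40 name entry, 48 name string, 64 lang dir, 80 lang entry, 88 data entry, 104 payload
    rsrc = bytearray(104)
    struct.pack_into("<HH", rsrc, 12, 0, 1)                          # type dir: one ID entry
    struct.pack_into("<II", rsrc, 16, resource_type, SUBDIR_FLAG | 24)
    struct.pack_into("<HH", rsrc, 36, 1, 0)                          # name dir: one named entry
    struct.pack_into("<II", rsrc, 40, SUBDIR_FLAG | 48, SUBDIR_FLAG | 64)
    name_utf16 = resource_name.encode("utf-16-le")
    struct.pack_into("<H", rsrc, 48, len(resource_name))
    rsrc[50:50 + len(name_utf16)] = name_utf16
    struct.pack_into("<HH", rsrc, 76, 0, 1)                          # lang dir: one ID entry
    struct.pack_into("<II", rsrc, 80, 0x409, 88)                     # leaf: data entry, no flag
    payload = b"\x00" * 16                                           # stand-in for script bytes
    struct.pack_into("<IIII", rsrc, 88, rsrc_va + 104, len(payload), 0, 0)
    rsrc += payload
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 2 * 8, rsrc_va, len(rsrc))     # resource data directory
    section = struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), rsrc_va, len(rsrc), rsrc_ptr,
                          0, 0, 0, 0, 0x40000040)
    image = dos + b"PE\0\0" + file_hdr + opt + section
    image += b"\0" * (rsrc_ptr - len(image))
    return bytes(image + rsrc)


if __name__ == "__main__":
    import sys
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe()
    print("RT_RCDATA/SCRIPT resource present:", has_autoit_script_resource(target))
```

The check only looks at the resource tree, which is exactly what FindResourceExW consults; it says nothing about the resource contents, so it is a triage indicator for "compiled AutoIt", not proof of malicious behaviour, and a sample that unpacks another stage at runtime will not show the resource statically.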

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 004F2B6B
  • Part of subcall function 004F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,005C1418,?,004F2E7F,?,?,?,00000000), ref: 004F3A78
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,005B2224), ref: 00532C10
• ShellExecuteW.SHELL32(00000000,?,?,005B2224), ref: 00532C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: d1ee14e64f9802ee53ab2054c8149aa83b96f02889f43ad6b922d2f90a383f14
• Instruction ID: 1e1a4abb521f2d19feecc91ce96f6e213c0b1725f8985747473072b63dce7234
• Opcode Fuzzy Hash: d1ee14e64f9802ee53ab2054c8149aa83b96f02889f43ad6b922d2f90a383f14
• Instruction Fuzzy Hash: 4911E7311087496ECB05FF61D852EBEBBE4AB91745F04141FF742520A3DF789909D71A
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0055D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0055D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0055D52F
• CloseHandle.KERNEL32(00000000), ref: 0055D5DC
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eda02c89e49480e65e48f2b8ebc0a9726304409f9239f3f936033e57bd4231ac
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e7d0f6ed1dcbe74b3832d36a982f1d13412bd6f21aa4dccb6748b74ff99dddd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eda02c89e49480e65e48f2b8ebc0a9726304409f9239f3f936033e57bd4231ac
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B3192720082059FD310EF54C895ABFBFF8AF99344F14092EF985921A1EB719948CBA2
APIs
• lstrlenW.KERNEL32(?,00535222), ref: 0055DBCE
• GetFileAttributesW.KERNEL32(?), ref: 0055DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0055DBEE
• FindClose.KERNEL32(00000000), ref: 0055DBFA
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 4b2d7073b9073fd5d5d27be9d3b8f32dc83ba13fb61b89dcfaf34d4b36ed428b
• Instruction ID: 6eaccaa566848c88fa641c5c01fb2f7fc7fb9f78c5503ddcb22ee4b0fce20b12
• Opcode Fuzzy Hash: 4b2d7073b9073fd5d5d27be9d3b8f32dc83ba13fb61b89dcfaf34d4b36ed428b
• Instruction Fuzzy Hash: D0F08C328109109782306B68AC0D8AE3FBCAE41336B104702FC77D20E0EBB06D5C9AA5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 730e5f74c40af581f9424d94f386303e862d4d243933a2a4e6d8d61f288c26de
• Instruction ID: 0fa13e84f8bce61c00e3efa483571e1f1d0a02699c63d643e296b4607dd39546
• Opcode Fuzzy Hash: 730e5f74c40af581f9424d94f386303e862d4d243933a2a4e6d8d61f288c26de
• Instruction Fuzzy Hash: 40D0627980D119EACB9096D0DC499FDBFBCBB58345F548C52FD07A1080E674D5486B71
APIs
• GetCurrentProcess.KERNEL32(005228E9,?,00514CBE,005228E9,005B88B8,0000000C,00514E15,005228E9,00000002,00000000,?,005228E9), ref: 00514D09
• TerminateProcess.KERNEL32(00000000,?,00514CBE,005228E9,005B88B8,0000000C,00514E15,005228E9,00000002,00000000,?,005228E9), ref: 00514D10
• ExitProcess.KERNEL32 ref: 00514D22
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: f1faec4a13b9a7d7cb52d8299fb74dd9e1e665379c47b51032c74edd68721702
• Instruction ID: 39dbaad73aeaeead5e5ab53279e6e4b1597345be37f9e8b97de0e9466a4e1658
• Opcode Fuzzy Hash: f1faec4a13b9a7d7cb52d8299fb74dd9e1e665379c47b51032c74edd68721702
• Instruction Fuzzy Hash: 16E0B631000148ABDF11AF54ED0DA983F69FF92B81B105414FC099A122CB35ED86EF90
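The per-function "APIs" lists above are what a triage analyst actually reads: a Process32First/Process32Next pair walks the process list (the sandbox-detection check flagged in the signature list), GetFileAttributes plus FindFirstFile probes whether a path exists, and GetCurrentProcess/TerminateProcess/ExitProcess is a hard self-kill. The following is an added example, not Joe Sandbox code and not code from the sample: it parses API lines in the format used by these report blocks and tags each function with the behaviour its API set implies. The behaviour table and the "opened but not closed here" check are assumptions of this example; the sample input is copied from the three function blocks in this section.

```python
"""Parse Joe Sandbox per-function "APIs" lines and tag the behaviour implied
by each function's API set.  Added triage helper; not part of Joe Sandbox."""
import re
from dataclasses import dataclass

# One "APIs" bullet looks like (bullet character optional):
#   <Api>.<MODULE>(<arg>,<arg>,...), ref: <hex address>
#   <Api>.<MODULE> ref: <hex address>        (no argument list recorded)
_API_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Assumed mapping from API sets to behaviours; every API in a set must be
# present in the function for the tag to fire.  Names are charset-neutral.
BEHAVIOURS = {
    "process enumeration (Toolhelp32 snapshot walk)": {"Process32First", "Process32Next"},
    "file existence probe": {"GetFileAttributes", "FindFirstFile"},
    "hard self-termination": {"TerminateProcess", "ExitProcess"},
}

# Resource-opening API -> the call that should release it in a tidy function.
CLEANUP_PAIRS = {"Process32First": "CloseHandle", "FindFirstFile": "FindClose"}


@dataclass(frozen=True)
class Call:
    api: str
    module: str
    args: tuple
    ref: int


def parse_api_line(line: str) -> Call:
    """Turn one report bullet into a Call; raises ValueError on other text."""
    text = line.strip().lstrip("•").strip()
    m = _API_LINE.match(text)
    if not m:
        raise ValueError(f"not an API line: {line!r}")
    args = tuple(a for a in (m["args"] or "").split(",") if a)
    return Call(m["api"], m["module"], args, int(m["ref"], 16))


def base_name(api: str) -> str:
    """Drop a trailing A/W charset suffix (Process32NextW -> Process32Next)
    without touching names that merely end in W, such as IsWindow."""
    return re.sub(r"(?<=[a-z0-9])[AW]$", "", api)


def missing_cleanup(present: set) -> list:
    """Resources opened in this function whose release call is absent here."""
    return [f"{opener} used without {closer} in the same function"
            for opener, closer in CLEANUP_PAIRS.items()
            if opener in present and closer not in present]


def tag_function(api_lines) -> tuple:
    """Parse a function's API bullets; return (calls, tags, warnings)."""
    calls = [parse_api_line(l) for l in api_lines]
    present = {base_name(c.api) for c in calls}
    tags = [name for name, need in BEHAVIOURS.items() if need <= present]
    return calls, tags, missing_cleanup(present)


def tag_report(functions: dict) -> dict:
    """Apply tag_function to every {label: [api lines]} entry of a report."""
    return {label: tag_function(lines) for label, lines in functions.items()}


# Sample input: the API bullets of three function blocks in this report.
SAMPLE_FUNCTIONS = {
    "process walk": [
        "Process32FirstW.KERNEL32(00000000,?), ref: 0055D50F",
        "Process32NextW.KERNEL32(00000000,?), ref: 0055D52F",
        "CloseHandle.KERNEL32(00000000), ref: 0055D5DC",
    ],
    "file probe": [
        "lstrlenW.KERNEL32(?,00535222), ref: 0055DBCE",
        "GetFileAttributesW.KERNEL32(?), ref: 0055DBDD",
        "FindFirstFileW.KERNEL32(?,?), ref: 0055DBEE",
        "FindClose.KERNEL32(00000000), ref: 0055DBFA",
    ],
    "terminate": [
        "GetCurrentProcess.KERNEL32(005228E9,?,00514CBE,005228E9,005B88B8,"
        "0000000C,00514E15,005228E9,00000002,00000000,?,005228E9), ref: 00514D09",
        "TerminateProcess.KERNEL32(00000000,?,00514CBE,005228E9,005B88B8,"
        "0000000C,00514E15,005228E9,00000002,00000000,?,005228E9), ref: 00514D10",
        "ExitProcess.KERNEL32 ref: 00514D22",
    ],
}

if __name__ == "__main__":
    for label, (calls, tags, warnings) in tag_report(SAMPLE_FUNCTIONS).items():
        first = min(c.ref for c in calls)
        print(f"{label:13s} first ref {first:08X}: {', '.join(tags) or '-'}"
              + (f"  [{'; '.join(warnings)}]" if warnings else ""))
```

The charset normalisation matters because the same function compiled against the ANSI entry points would list Process32First/Process32Next instead of the W variants, and a tag keyed on the exact name would miss it. The cleanup check is only a hint: a helper that returns the snapshot handle to its caller legitimately shows Process32First without CloseHandle.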
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0054D28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b39a71044f7b136be5c18ac40455803316336d221c7ba7c3b01e27af3704feb1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5df1ab823502b6d4406a587f285b277da4ce5df5bdc5c6ebb5112ea5b210a8af
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b39a71044f7b136be5c18ac40455803316336d221c7ba7c3b01e27af3704feb1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFD0C9B480511DEBCB90CB90DC8CDDDBB7CBB14345F100551F506A2140D77495489F20
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: p#\
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3964851224-2009390076
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 09df44c3c322e5715c95a2a860ec5646a0545919b2347f869766827f94def288
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3020bb3dec30f43ca972c219665cbe904977c9c5ebc8bfd6b550369f27c3b636
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09df44c3c322e5715c95a2a860ec5646a0545919b2347f869766827f94def288
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63A27E705083458FD714DF14C580B6ABBE1FF89308F24896EEA8A8B392D775EC45CB96

Control-flow Graph

control_flow_graph 0 57aff9-57b056 call 512340 3 57b094-57b098 0->3 4 57b058-57b06b call 4fb567 0->4 6 57b0dd-57b0e0 3->6 7 57b09a-57b0bb call 4fb567 * 2 3->7 14 57b06d-57b092 call 4fb567 * 2 4->14 15 57b0c8 4->15 10 57b0f5-57b119 call 4f7510 call 4f7620 6->10 11 57b0e2-57b0e5 6->11 29 57b0bf-57b0c4 7->29 31 57b11f-57b178 call 4f7510 call 4f7620 call 4f7510 call 4f7620 call 4f7510 call 4f7620 10->31 32 57b1d8-57b1e0 10->32 16 57b0e8-57b0ed call 4fb567 11->16 14->29 19 57b0cb-57b0cf 15->19 16->10 24 57b0d1-57b0d7 19->24 25 57b0d9-57b0db 19->25 24->16 25->6 25->10 29->6 33 57b0c6 29->33 79 57b1a6-57b1d6 GetSystemDirectoryW call 50fe0b GetSystemDirectoryW 31->79 80 57b17a-57b195 call 4f7510 call 4f7620 31->80 36 57b1e2-57b1fd call 4f7510 call 4f7620 32->36 37 57b20a-57b238 GetCurrentDirectoryW call 50fe0b GetCurrentDirectoryW 32->37 33->19 36->37 50 57b1ff-57b208 call 514963 36->50 46 57b23c 37->46 49 57b240-57b244 46->49 52 57b246-57b270 call 4f9c6e * 3 49->52 53 57b275-57b285 call 5600d9 49->53 50->37 50->53 52->53 62 57b287-57b289 53->62 63 57b28b-57b2e1 call 5607c0 call 5606e6 call 5605a7 53->63 66 57b2ee-57b2f2 62->66 63->66 99 57b2e3 63->99 71 57b39a-57b3be CreateProcessW 66->71 72 57b2f8-57b321 call 5511c8 66->72 77 57b3c1-57b3d4 call 50fe14 * 2 71->77 84 57b323-57b328 call 551201 72->84 85 57b32a call 5514ce 72->85 103 57b3d6-57b3e8 77->103 104 57b42f-57b43d CloseHandle 77->104 79->46 80->79 105 57b197-57b1a0 call 514963 80->105 98 57b32f-57b33c call 514963 84->98 85->98 115 57b347-57b357 call 514963 98->115 116 57b33e-57b345 98->116 99->66 109 57b3ed-57b3fc 103->109 110 57b3ea 103->110 107 57b43f-57b444 104->107 108 57b49c 104->108 105->49 105->79 117 57b446-57b44c CloseHandle 107->117 118 57b451-57b456 107->118 113 57b4a0-57b4a4 108->113 111 57b401-57b42a GetLastError call 4f630c call 4fcfa0 109->111 112 57b3fe 109->112 110->109 127 57b4e5-57b4f6 call 560175 111->127 112->111 120 57b4a6-57b4b0 113->120 121 57b4b2-57b4bc 113->121 136 57b362-57b372 call 514963 115->136 137 57b359-57b360 115->137 116->115 116->116 117->118 124 57b463-57b468 118->124 125 57b458-57b45e CloseHandle 118->125 120->127 128 57b4c4-57b4e3 call 4fcfa0 CloseHandle 121->128 129 57b4be 121->129 131 57b475-57b49a call 5609d9 call 57b536 124->131 132 57b46a-57b470 CloseHandle 124->132 125->124 128->127 129->128 131->113 132->131 146 57b374-57b37b 136->146 147 57b37d-57b398 call 50fe14 * 3 136->147 137->136 137->137 146->146 146->147 147->77
APIs
• _wcslen.LIBCMT ref: 0057B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0057B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0057B1D4
• _wcslen.LIBCMT ref: 0057B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0057B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0057B236
• _wcslen.LIBCMT ref: 0057B332
  • Part of subcall function 005605A7: GetStdHandle.KERNEL32(000000F6), ref: 005605C6
• _wcslen.LIBCMT ref: 0057B34B
• _wcslen.LIBCMT ref: 0057B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0057B3B6
• GetLastError.KERNEL32(00000000), ref: 0057B407
• CloseHandle.KERNEL32(?), ref: 0057B439
• CloseHandle.KERNEL32(00000000), ref: 0057B44A
• CloseHandle.KERNEL32(00000000), ref: 0057B45C
• CloseHandle.KERNEL32(00000000), ref: 0057B46E
• CloseHandle.KERNEL32(?), ref: 0057B4E3
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 59dfd432b2d7bbc7d5ed5dfd4b2ea4c5de91e18a9136a6152b00d077acf6071c
• Instruction ID: 890f7f5d3bdd2ae729f8857758e9ee1b2664fb74599216ef257d29a7e3475c11
• Opcode Fuzzy Hash: 59dfd432b2d7bbc7d5ed5dfd4b2ea4c5de91e18a9136a6152b00d077acf6071c
• Instruction Fuzzy Hash: F9F1CC315043009FEB24EF25D895B6EBBE1BF85314F14885EF9898B2A2CB35EC44DB52
APIs
• GetInputState.USER32 ref: 004FD807
• timeGetTime.WINMM ref: 004FDA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004FDB28
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 004FDB7B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 004FDB89
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004FDB9F
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 004FDBB1
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cf18abf278a3eb3f7ebe6d8a2ec06e16fd7271fa78e9c9de64fca6cae560a028
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: cb4b04c06aa066c081c47a71e8d214bf79a7b0b1b70b6268f7affc4e0bd2f7f7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf18abf278a3eb3f7ebe6d8a2ec06e16fd7271fa78e9c9de64fca6cae560a028
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29420370A04646DFD728CF24C888FBABBA2FF85308F54451EF95587291C7B4E844DB9A

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 004F2D07
                                                                                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 004F2D31
                                                                                                                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004F2D42
                                                                                                                                                                                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 004F2D5F
                                                                                                                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004F2D6F
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 004F2D85
                                                                                                                                                                                                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004F2D94
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4104e8db21216a91a5109d7b010f76bf082969c465e70d000720e223168efe13
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 38ae9de8e31270e70104911f10ea1465e91f8326e97706ec39918a7c2c7628a0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4104e8db21216a91a5109d7b010f76bf082969c465e70d000720e223168efe13
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E21EFB5901608EFDB00DFA4E889A9DBFB4FB19700F00811AFA11B62A0D7B14548EFA5

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

APIs
• Part of subcall function 0053039A: CreateFileW.KERNEL32(00000000,00000000,?,00530704,?,?,00000000,?,00530704,00000000,0000000C), ref: 005303B7
• GetLastError.KERNEL32 ref: 0053076F
• __dosmaperr.LIBCMT ref: 00530776
• GetFileType.KERNEL32(00000000), ref: 00530782
• GetLastError.KERNEL32 ref: 0053078C
• __dosmaperr.LIBCMT ref: 00530795
• CloseHandle.KERNEL32(00000000), ref: 005307B5
• CloseHandle.KERNEL32(?), ref: 005308FF
• GetLastError.KERNEL32 ref: 00530931
• __dosmaperr.LIBCMT ref: 00530938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b38d3140aa378b2b2308e2419439a1aecb8001c9a5ba0cd84f0c2ced2a2faa39
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e75f4dea61ff8f3cf903d26927cbddbb5e5a27b494e0f8332ad5281b5e4b3c9b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b38d3140aa378b2b2308e2419439a1aecb8001c9a5ba0cd84f0c2ced2a2faa39
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAA12736A002098FDF19AF68DC66BAD7FA0FB46320F14115DF811EB2D1DB319856DB91

Control-flow Graph (image not reproduced)

APIs
  • Part of subcall function 004F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,005C1418,?,004F2E7F,?,?,?,00000000), ref: 004F3A78
  • Part of subcall function 004F3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 004F3379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 004F356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0053318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 005331CE
• RegCloseKey.ADVAPI32(?), ref: 00533210
• _wcslen.LIBCMT ref: 00533277
• _wcslen.LIBCMT ref: 00533286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 32cce9f69e2435837de70f2ddb1a319237b620524daa385e1a170dbc25189a9f
• Instruction ID: 25129ff110cfe01b9c40d73d85d2d515be9b8c2bd718ce4c30a745cca8c52120
• Opcode Fuzzy Hash: 32cce9f69e2435837de70f2ddb1a319237b620524daa385e1a170dbc25189a9f
• Instruction Fuzzy Hash: 0D71BC714043459EC304EF66DC85DABBFE8FFA4B44F40092EF545931A0EB789A48CBA6
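The RegOpenKeyExW / RegQueryValueExW sequence in the function above resolves to HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt (0x80000001 is the predefined HKEY_CURRENT_USER handle) and reads its Include value twice, once for the buffer size and once for the data; this is consistent with the stock AutoIt3 runtime locating its include directory rather than with logic specific to this sample, which matters when deciding which functions in the listing deserve manual attention. As an added example that is not part of the Joe Sandbox report, the following Python parses API-call lines in the report's bullet format into records and resolves registry hive handles, so the keys and value names a function touches can be extracted for triage. The input lines are copied from this listing; the regular expression, the hive table and the function names are assumptions introduced here, not part of the report or of any Joe Sandbox tooling.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: API-call lines copied from the Joe Sandbox function listing
# for the AutoIt include-path lookup, in the report's own bullet format.
SAMPLE_LINES = r"""
• Part of subcall function 004F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,005C1418,?,004F2E7F,?,?,?,00000000), ref: 004F3A78
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 004F356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0053318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 005331CE
• RegCloseKey.ADVAPI32(?), ref: 00533210
• _wcslen.LIBCMT ref: 00533277
"""

# One bullet line: optional "Part of subcall function XXXX:", then API.MODULE(args), ref: ADDR.
# Calls without an argument list (e.g. _wcslen.LIBCMT ref: ...) have no parentheses and no comma.
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Predefined hive handles as they appear (hex, no 0x prefix) in RegOpenKeyEx*'s first argument.
HIVES = {
    "80000000": "HKEY_CLASSES_ROOT",
    "80000001": "HKEY_CURRENT_USER",
    "80000002": "HKEY_LOCAL_MACHINE",
    "80000003": "HKEY_USERS",
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                 # address of the call site, as printed in the report
    caller: Optional[str]    # set when the line is "Part of subcall function ..."


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse report 'APIs' bullet lines into ApiCall records; blank or unmatched lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        args = [a.strip() for a in raw_args.split(",")] if raw_args is not None else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             m.group("ref").upper(), m.group("caller")))
    return calls


def registry_keys(calls: List[ApiCall]) -> List[str]:
    """Resolve RegOpenKeyEx*(hive, subkey, ...) calls to full key paths; unknown hives stay as hex."""
    keys = []
    for c in calls:
        if c.api in ("RegOpenKeyExW", "RegOpenKeyExA") and len(c.args) >= 2:
            hive = HIVES.get(c.args[0].upper(), c.args[0])
            keys.append(f"{hive}\\{c.args[1]}")
    return keys


def queried_values(calls: List[ApiCall]) -> List[str]:
    """Value names passed to RegQueryValueEx* that the decompiler resolved (not '?'), deduplicated in order."""
    names = [c.args[1] for c in calls
             if c.api.startswith("RegQueryValueEx") and len(c.args) >= 2 and c.args[1] != "?"]
    return list(dict.fromkeys(names))


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_LINES)
    for key in registry_keys(parsed):
        print("opens key:", key)
    for value in queried_values(parsed):
        print("reads value:", value)
```

Run over a whole report, the same parser lets you group functions by the registry keys, file paths or window-class names they touch and set aside the ones that only match the AutoIt runtime, leaving the script-specific functions for review.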

Control-flow Graph (image not reproduced)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 004F2B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 004F2B9D
• LoadIconW.USER32(00000063), ref: 004F2BB3
• LoadIconW.USER32(000000A4), ref: 004F2BC5
• LoadIconW.USER32(000000A2), ref: 004F2BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 004F2BEF
• RegisterClassExW.USER32(?), ref: 004F2C40
  • Part of subcall function 004F2CD4: GetSysColorBrush.USER32(0000000F), ref: 004F2D07
  • Part of subcall function 004F2CD4: RegisterClassExW.USER32(00000030), ref: 004F2D31
  • Part of subcall function 004F2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004F2D42
  • Part of subcall function 004F2CD4: InitCommonControlsEx.COMCTL32(?), ref: 004F2D5F
  • Part of subcall function 004F2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004F2D6F
  • Part of subcall function 004F2CD4: LoadIconW.USER32(000000A9), ref: 004F2D85
  • Part of subcall function 004F2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004F2D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 1ca4eb56aabf3c985de5b023b667a99d657d60f5c12d37b679070680c6c86c37
• Instruction ID: 4c25a053c0cda6c17238a100147957fc0c0222691880fa5d0bb5ae76140035bf
• Opcode Fuzzy Hash: 1ca4eb56aabf3c985de5b023b667a99d657d60f5c12d37b679070680c6c86c37
• Instruction Fuzzy Hash: BD217C70E00B58AFDB109FA5EC44EA97FB4FB19F44F00041AEA00A26A1D3B54518EF98
APIs
• __Init_thread_footer.LIBCMT ref: 004FBB4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                      • String ID: p#\$p#\$p#\$p#\$p%\$p%\$x#\$x#\
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-1182363912
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ad4619ece5d4e7ed7090bd9d0ad6e095dbcef8bfafcb0d214e988ec752fa4255
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 70531d6452acad8dfa0f65c29f5488f61a98d595220a946438c34690cf928af5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad4619ece5d4e7ed7090bd9d0ad6e095dbcef8bfafcb0d214e988ec752fa4255
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C432AE74A002099FDB20DF54C894EBEBBB5FF45344F24845AEA05AB391C7B8ED42CB95
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,004F316A,?,?), ref: 004F31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,004F316A,?,?), ref: 004F3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004F3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,004F316A,?,?), ref: 004F3232
• CreatePopupMenu.USER32 ref: 004F3246
• PostQuitMessage.USER32(00000000), ref: 004F3267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 8986da5736fe6059fe443c08157af9cbb96c155fa2d6c7b0fbdbb834ba496abf
• Instruction ID: 30b4f9664f4c61c5d099bca9711afec9f63e84147e5a875e400832471b4b7095
• Opcode Fuzzy Hash: 8986da5736fe6059fe443c08157af9cbb96c155fa2d6c7b0fbdbb834ba496abf
• Instruction Fuzzy Hash: 79414D31200908AEDB142FB89D0DF7A3E58F71634AF04011BFB06D5292CB79DE45A7AD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID: D%\$D%\$D%\$D%\$D%\D%\$Variable must be of type 'Object'.
• API String ID: 0-561792132
• Opcode ID: de855a1db5b74e266b77369482a07463a1b03c43febd4b0e96b2ff766d1d89b0
• Instruction ID: 294d7d692a9a980ed136a4cc7704aaca63ec3d9b79024b7314c923a49e4ac42e
• Opcode Fuzzy Hash: de855a1db5b74e266b77369482a07463a1b03c43febd4b0e96b2ff766d1d89b0
• Instruction Fuzzy Hash: 90C2AF71A00209CFCB24CF5AC884ABEBBF1BF54305F14856AEA05AB3A1D379ED41CB55
APIs
• __Init_thread_footer.LIBCMT ref: 004FFE66
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%\$D%\$D%\$D%\$D%\D%\
• API String ID: 1385522511-2509346657
• Opcode ID: 207b2424637048a63fdc69de6ffd573fddb875be61687dd65c53c93945e9e373
• Instruction ID: 6d8259303ffa46c8f4992bf044589bdfd164421251e7a1e1d82e2e9b73fa2213
• Opcode Fuzzy Hash: 207b2424637048a63fdc69de6ffd573fddb875be61687dd65c53c93945e9e373
• Instruction Fuzzy Hash: E7B29D74604345CFDB24CF15C480A3ABBE1BF99304F24486EEA859B3A1D779EC49CB96

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1814 4f1410-4f1449 1815 4f144f-4f1465 mciSendStringW 1814->1815 1816 5324b8-5324b9 DestroyWindow 1814->1816 1817 4f146b-4f1473 1815->1817 1818 4f16c6-4f16d3 1815->1818 1819 5324c4-5324d1 1816->1819 1817->1819 1820 4f1479-4f1488 call 4f182e 1817->1820 1821 4f16f8-4f16ff 1818->1821 1822 4f16d5-4f16f0 UnregisterHotKey 1818->1822 1823 5324d3-5324d6 1819->1823 1824 532500-532507 1819->1824 1835 4f148e-4f1496 1820->1835 1836 53250e-53251a 1820->1836 1821->1817 1827 4f1705 1821->1827 1822->1821 1826 4f16f2-4f16f3 call 4f10d0 1822->1826 1828 5324e2-5324e5 FindClose 1823->1828 1829 5324d8-5324e0 call 4f6246 1823->1829 1824->1819 1832 532509 1824->1832 1826->1821 1827->1818 1834 5324eb-5324f8 1828->1834 1829->1834 1832->1836 1834->1824 1840 5324fa-5324fb call 5632b1 1834->1840 1841 532532-53253f 1835->1841 1842 4f149c-4f14c1 call 4fcfa0 1835->1842 1837 532524-53252b 1836->1837 1838 53251c-53251e FreeLibrary 1836->1838 1837->1836 1843 53252d 1837->1843 1838->1837 1840->1824 1844 532541-53255e VirtualFree 1841->1844 1845 532566-53256d 1841->1845 1852 4f14f8-4f1503 CoUninitialize 1842->1852 1853 4f14c3 1842->1853 1843->1841 1844->1845 1848 532560-532561 call 563317 1844->1848 1845->1841 1849 53256f 1845->1849 1848->1845 1856 532574-532578 1849->1856 1855 4f1509-4f150e 1852->1855 1852->1856 1854 4f14c6-4f14f6 call 4f1a05 call 4f19ae 1853->1854 1854->1852 1858 532589-532596 call 5632eb 1855->1858 1859 4f1514-4f151e 1855->1859 1856->1855 1860 53257e-532584 1856->1860 1872 532598 1858->1872 1863 4f1707-4f1714 call 50f80e 1859->1863 1864 4f1524-4f152f call 4f988f 1859->1864 1860->1855 1863->1864 1874 4f171a 1863->1874 1875 4f1535 call 4f1944 1864->1875 1876 53259d-5325bf call 50fdcd 1872->1876 1874->1863 1877 4f153a-4f15a5 call 4f17d5 call 50fe14 call 4f177c call 4f988f call 4fcfa0 call 4f17fe call 50fe14 1875->1877 1882 5325c1 1876->1882 1877->1876 1904 4f15ab-4f15cf call 50fe14 1877->1904 1886 5325c6-5325e8 call 50fdcd 1882->1886 1892 5325ea 1886->1892 1894 5325ef-532611 call 50fdcd 1892->1894 1900 532613 1894->1900 1903 532618-532625 call 5564d4 1900->1903 1909 532627 1903->1909 1904->1886 1910 4f15d5-4f15f9 call 50fe14 1904->1910 1913 53262c-532639 call 50ac64 1909->1913 1910->1894 1914 4f15ff-4f1619 call 50fe14 1910->1914 1919 53263b 1913->1919 1914->1903 1920 4f161f-4f1643 call 4f17d5 call 50fe14 1914->1920 1922 532640-53264d call 563245 1919->1922 1920->1913 1929 4f1649-4f1651 1920->1929 1927 53264f 1922->1927 1930 532654-532661 call 5632cc 1927->1930 1929->1922 1931 4f1657-4f1668 call 4f988f call 4f190a 1929->1931 1936 532663 1930->1936 1938 4f166d-4f1675 1931->1938 1939 532668-532675 call 5632cc 1936->1939 1938->1930 1940 4f167b-4f1689 1938->1940 1946 532677 1939->1946 1940->1939 1941 4f168f-4f16c5 call 4f988f * 3 call 4f1876 1940->1941 1946->1946
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 004F1459
• CoUninitialize.COMBASE ref: 004F14F8
• UnregisterHotKey.USER32(?), ref: 004F16DD
• DestroyWindow.USER32(?), ref: 005324B9
• FreeLibrary.KERNEL32(?), ref: 0053251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0053254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: b6c9a110a9058b2c286f022ffb114a27a92cc75405e4670e90a09da52289d9f9
• Instruction ID: 735fb3387b4a4a2dbfca8b00ed898671b0f2e9062b8bd1d07db6d1e852e97d44
• Opcode Fuzzy Hash: b6c9a110a9058b2c286f022ffb114a27a92cc75405e4670e90a09da52289d9f9
• Instruction Fuzzy Hash: 8BD19D31701612CFDB29EF15C499A39FBA4BF44704F1441AEE94AAB262CB34ED12CF55

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1953 55de27-55de4a WSAStartup 1954 55dee6-55def2 call 514983 1953->1954 1955 55de50-55de71 gethostname gethostbyname 1953->1955 1963 55def3-55def6 1954->1963 1955->1954 1957 55de73-55de7a 1955->1957 1959 55de83-55de85 1957->1959 1960 55de7c-55de81 1957->1960 1961 55de87-55de94 call 514983 1959->1961 1962 55de96-55dedb call 510e20 inet_ntoa call 51d5f0 call 55ebd1 call 514983 call 50fe14 1959->1962 1960->1959 1960->1960 1968 55dede-55dee4 WSACleanup 1961->1968 1962->1968 1968->1963
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 5598e22f5900da5221ebe0292ac06320f02144ee873c6330f56932f56b5a28e6
• Instruction ID: 7c28a31f412502d1025c32b7b25a1374585f204598dcd66911eb6d12f7dbdd46
• Opcode Fuzzy Hash: 5598e22f5900da5221ebe0292ac06320f02144ee873c6330f56932f56b5a28e6
• Instruction Fuzzy Hash: 7111E73250411AABDB30AB209C0BEEE7FBCFB51712F00016AF905E6091EF748A859B70

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1987 4f2c63-4f2cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 004F2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 004F2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,004F1CAD,?), ref: 004F2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,004F1CAD,?), ref: 004F2CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6d4e602f80abdba1cb28af85e22bc9f6807da865f55936a0ed7bfb942426f658
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ec3936e1dfff7423e7330c8ab5e7c5297f6e52e4640b00a036a758997baadac9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d4e602f80abdba1cb28af85e22bc9f6807da865f55936a0ed7bfb942426f658
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FF0DA75640AD07EEB311717AC08E772EBDE7E7F54B01045EFD00A25A1C6751858EAB8

                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 2376 522df8-522e0f GetLastError 2377 522e11-522e1b call 52320e 2376->2377 2378 522e1d-522e24 call 524c7d 2376->2378 2377->2378 2383 522e6e-522e75 SetLastError 2377->2383 2382 522e29-522e2f 2378->2382 2384 522e31 2382->2384 2385 522e3a-522e48 call 523264 2382->2385 2387 522e77-522e7c 2383->2387 2388 522e32-522e38 call 5229c8 2384->2388 2392 522e4a-522e4b 2385->2392 2393 522e4d-522e63 call 522be6 call 5229c8 2385->2393 2394 522e65-522e6c SetLastError 2388->2394 2392->2388 2393->2383 2393->2394 2394->2387
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,0051F2DE,00523863,005C1444,?,0050FDF5,?,?,004FA976,00000010,005C1440,004F13FC,?,004F13C6), ref: 00522DFD
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522E32
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522E59
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,004F1129), ref: 00522E66
                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,004F1129), ref: 00522E6F
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 723d84d08a1afa350a0a0b81c4e74c52a5147ef26a450838165724b2bd600881
• Instruction ID: 02ec73fc5d1332297306b8ee470aef436bb893bb9e0b778f5f08cbf6d6054110
• Opcode Fuzzy Hash: 723d84d08a1afa350a0a0b81c4e74c52a5147ef26a450838165724b2bd600881
• Instruction Fuzzy Hash: 2B01D13E205621BB861227787C4AD3B2E5DBFE73A1F224928F825A21D2EE748C056120

Control-flow Graph (rendered as an image in the report; legend: Executed / Not Executed; node and edge list below)
control_flow_graph 2435 4f3b1c-4f3b27 2436 4f3b99-4f3b9b 2435->2436 2437 4f3b29-4f3b2e 2435->2437 2439 4f3b8c-4f3b8f 2436->2439 2437->2436 2438 4f3b30-4f3b48 RegOpenKeyExW 2437->2438 2438->2436 2440 4f3b4a-4f3b69 RegQueryValueExW 2438->2440 2441 4f3b6b-4f3b76 2440->2441 2442 4f3b80-4f3b8b RegCloseKey 2440->2442 2443 4f3b78-4f3b7a 2441->2443 2444 4f3b90-4f3b97 2441->2444 2442->2439 2445 4f3b7e 2443->2445 2444->2445 2445->2442
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,004F3B0F,SwapMouseButtons,00000004,?), ref: 004F3B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,004F3B0F,SwapMouseButtons,00000004,?), ref: 004F3B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,004F3B0F,SwapMouseButtons,00000004,?), ref: 004F3B83
Strings
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 627100c6bf53260b327327e2ceed15152bf757738cd1fe5057c097919bac7de3
• Instruction ID: a2cf8babd90cdc2959f8d9270765ea6519557d4e5fa51e242904d38edf7f2182
• Opcode Fuzzy Hash: 627100c6bf53260b327327e2ceed15152bf757738cd1fe5057c097919bac7de3
• Instruction Fuzzy Hash: 41115AB1511208FFDB208FA4DC48ABFBBB8EF00785B10445AA901E7211D235AE45A764
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0054D3BF
• FreeLibrary.KERNEL32 ref: 0054D3E5
Strings
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3013587201-2590602151
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 005333A2
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 004F3A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00532C8C
  • Part of subcall function 004F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004F3A97,?,?,004F2E7F,?,?,?,00000000), ref: 004F3AC2
  • Part of subcall function 004F2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004F2DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X$`e[
• API String ID: 779396738-1307940800
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00510668
  • Part of subcall function 005132A4: RaiseException.KERNEL32(?,?,?,0051068A,?,005C1444,?,?,?,?,?,?,0051068A,004F1129,005B8738,004F1129), ref: 00513304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00510685
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
APIs
  • Part of subcall function 004F1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 004F1BF4
  • Part of subcall function 004F1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 004F1BFC
  • Part of subcall function 004F1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 004F1C07
  • Part of subcall function 004F1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 004F1C12
  • Part of subcall function 004F1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 004F1C1A
  • Part of subcall function 004F1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 004F1C22
  • Part of subcall function 004F1B4A: RegisterWindowMessageW.USER32(00000004,?,004F12C4), ref: 004F1BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 004F136A
                                                                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 004F1388
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 005324AB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 285ffcbce85cf8a8ba0fa288080fe8920882093417d2b103e8582cd0f9ac3a02
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 50f23171d1d50d3f26523bde95f7acb43213616b85e00c2da998aabd50526d04
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 285ffcbce85cf8a8ba0fa288080fe8920882093417d2b103e8582cd0f9ac3a02
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C71DDB4805E048EC784EF7AA985E653EE0FBAB344754812ED50AD7363EB348008EF5C
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 004F3A04
                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0055C259
                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 0055C261
                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0055C270
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 104bc1ea3475ac88d6de583b7a1ffda4af7484d8ee4d64f2bdd0e5c1ec581d3d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8b16011d5e051b6476ac069e1096097eaec499ed8ece7f2eab7422101eefcb8c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 104bc1ea3475ac88d6de583b7a1ffda4af7484d8ee4d64f2bdd0e5c1ec581d3d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6331E8749047446FEB228F648855BE7BFECAB12309F00049ED9DAA7141C3745A88CB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,?,005285CC,?,005B8CC8,0000000C), ref: 00528704
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,005285CC,?,005B8CC8,0000000C), ref: 0052870E
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00528739
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e424849e94679f182e983f637f1023ff31c03879b89160e592167d0d3d7041d5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 52bb46692c306491314e821afa7082f42627cf7033d5a14563c39e46c4a08ae8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e424849e94679f182e983f637f1023ff31c03879b89160e592167d0d3d7041d5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D016B336066302AD624A6B4784DB7E2F49AFF3774F381519F8149B1D3EEB19C819290
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 004FDB7B
                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 004FDB89
                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004FDB9F
                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 004FDBB1
                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,?,?), ref: 00541CC9
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 005017F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 0054D375
Strings
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 004F3908
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e6224ff943fb7f4fc7fa7a997cc7c865654509b19da0627bffa7140f67111a10
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 75ffe02f89301cfb2f30f79de331acd1449925692acfbde470288d26e499ddc6
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6224ff943fb7f4fc7fa7a997cc7c865654509b19da0627bffa7140f67111a10
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3631D170504B058FD720EF24D884BA7BBE4FB49749F00082EFA9983251E779AA48CB56
APIs
• timeGetTime.WINMM ref: 0050F661
  • Part of subcall function 004FD730: GetInputState.USER32 ref: 004FD807
• Sleep.KERNEL32(00000000), ref: 0054F2DE
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: 17bcdfe02cca87f133b3badde27de06a5b8bb1bf05af1dd473b5a3f146b33c41
• Instruction ID: ddca7989d9424e9ae8fb39135a134b9eed4685a07b457e0619188e88e3fb1c7d
• Opcode Fuzzy Hash: 17bcdfe02cca87f133b3badde27de06a5b8bb1bf05af1dd473b5a3f146b33c41
• Instruction Fuzzy Hash: 8EF08231244205AFD310EF69D859B6ABBE9FF55764F00002EE959D7260DB74A800CB94
APIs
  • Part of subcall function 004F4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E9C
  • Part of subcall function 004F4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004F4EAE
  • Part of subcall function 004F4E90: FreeLibrary.KERNEL32(00000000,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4EFD
  • Part of subcall function 004F4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E62
  • Part of subcall function 004F4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004F4E74
  • Part of subcall function 004F4E59: FreeLibrary.KERNEL32(00000000,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E87
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 33567cadc3559736a15d67c546520b173f55d25d6c7b6946374efa088c82bcd3
• Instruction ID: bcdd7d6bc77b4f7cd1ba907a2acdaaec4c270f5dcc1dee7ef3c3b3ebcb13a524
• Opcode Fuzzy Hash: 33567cadc3559736a15d67c546520b173f55d25d6c7b6946374efa088c82bcd3
• Instruction Fuzzy Hash: DD112731600209ABCB10BF61DC02FBE7BA5AF80714F10842EF646B71C1DE789E459764
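The two "APIs" listings above show the report's raw form for API chains: a timer read (timeGetTime) followed by GetInputState and Sleep in one function, and GetProcAddress resolution of both Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection around a LoadLibraryExW in another. As an added example (not part of the Joe Sandbox report or of Joe Security's tooling), the following Python parses listings in this format into structured calls and names those two chains. The sample text is constructed from the report lines above; the chain names, TIMING_APIS and WOW64_TOGGLE are the example's own choices, not report fields.

```python
"""Parse the per-function "APIs" listings of a Joe Sandbox report and name
API chains worth a closer look. Added example, not part of the report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: two functions' listings copied from the report text.
# A listing runs from an "APIs" header to the next "Memory Dump Source".
SAMPLE = """\
APIs
• timeGetTime.WINMM ref: 0050F661
  • Part of subcall function 004FD730: GetInputState.USER32 ref: 004FD807
• Sleep.KERNEL32(00000000), ref: 0054F2DE
Memory Dump Source
APIs
  • Part of subcall function 004F4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E9C
  • Part of subcall function 004F4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004F4EAE
  • Part of subcall function 004F4E90: FreeLibrary.KERNEL32(00000000,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4EFD
  • Part of subcall function 004F4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E62
  • Part of subcall function 004F4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004F4E74
  • Part of subcall function 004F4E59: FreeLibrary.KERNEL32(00000000,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E87
Memory Dump Source
"""

# One bullet of a listing. "Part of subcall function" names the callee that
# actually issues the call; "ref" is the address of the call instruction.
LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z_0-9]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple[str, ...]   # "?" means the report could not resolve the value
    ref: str                # call-site address
    subcall: str | None     # callee address when the call is reached indirectly


def parse_entries(text: str) -> list[list[ApiCall]]:
    """Return one list of ApiCall per "APIs" listing, in report order."""
    entries: list[list[ApiCall]] = []
    in_apis = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append([])
            in_apis = True
            continue
        if line == "Memory Dump Source":
            in_apis = False
            continue
        if not in_apis:
            continue
        m = LINE_RE.search(line)
        if m is None:
            continue
        args = tuple(m["args"].split(",")) if m["args"] is not None else ()
        entries[-1].append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return entries


# Chain definitions are this example's own assumptions, not report fields.
TIMING_APIS = {"timeGetTime", "GetTickCount", "GetTickCount64", "QueryPerformanceCounter"}
WOW64_TOGGLE = {"Wow64DisableWow64FsRedirection", "Wow64RevertWow64FsRedirection"}


def flags_for(calls: list[ApiCall]) -> list[str]:
    """Name the chains present in one function's listing."""
    apis = {c.api for c in calls}
    flags: list[str] = []
    if apis & TIMING_APIS and "Sleep" in apis:
        flags.append("execution-timing")
    # GetProcAddress(hModule, lpProcName): the resolved name is the second argument.
    resolved = {c.args[1] for c in calls if c.api == "GetProcAddress" and len(c.args) > 1}
    if WOW64_TOGGLE <= resolved:
        flags.append("wow64-fs-redirection-toggle")
    return flags


def analyze(text: str) -> list[list[str]]:
    """Flags per function listing, in report order."""
    return [flags_for(calls) for calls in parse_entries(text)]


if __name__ == "__main__":
    for calls, flags in zip(parse_entries(SAMPLE), analyze(SAMPLE)):
        print(", ".join(c.api for c in calls), "->", flags or ["none"])
```

Two caveats when reading the output. The `>>>AUTOIT NO CMDEXECUTE<<<` string in the arguments marks this code as the AutoIt runtime, and a loop built from timeGetTime, GetInputState and Sleep is consistent with a runtime's own message-pumping sleep, so the timing chain is weak evidence on its own. Likewise a 32-bit process disabling WOW64 redirection to reach the native System32 is routine; the LoadLibraryExW call at 004F4EFD passes flags 00000002 (LOAD_LIBRARY_AS_DATAFILE), so the library is mapped as data rather than executed, which is worth weighing before treating the toggle as evasion.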
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: e5cfaa086d7a222c1e952dbffbc000d65fe1efedfae357622860697dd246e953
• Instruction ID: 082fad20926c69eb69d7223b01b577125ad287d83e74747e7e3642efbeef6a2b
• Opcode Fuzzy Hash: e5cfaa086d7a222c1e952dbffbc000d65fe1efedfae357622860697dd246e953
• Instruction Fuzzy Hash: DC11487190420AAFCF05DF98E9409AE7BF4FF49304F144059F808AB352DA30DA21CBA4
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000008,004F1129,00000000,?,00522E29,00000001,00000364,?,?,?,0051F2DE,00523863,005C1444,?,0050FDF5,?), ref: 00524CBE
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,005C1444,?,0050FDF5,?,?,004FA976,00000010,005C1440,004F13FC,?,004F13C6,?,004F1129), ref: 00523852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00582A66
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1bc947db62df2cd1de3aa28fabf27ab5cdc42bce46cab135a315961bff499bf5
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 45254700a147520fd85b5a53c02a9be35787ae25dba5aad2d0220700a4dbe0ea
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bc947db62df2cd1de3aa28fabf27ab5cdc42bce46cab135a315961bff499bf5
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EE04F76350516AAC718FA30DC948FE7F5CFF90395B104536AC2AE2110EB70999997A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000002,?), ref: 004F314E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cd0f8d9ff8f477f722120dcc95658485d95d264fbc007c315733a9fcc232525e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bdd1690961475d4ca8958c20a03d5555fd83813ec6f42d03eac9783d35eda6e4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd0f8d9ff8f477f722120dcc95658485d95d264fbc007c315733a9fcc232525e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FF0A7709003489FEB529F24DC49BDA7BBCB70170CF0000E5A64896292DB744B9CCF55
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004F2DC4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0d482feaabd06241f9a37be74749a05fafa1c59015231a8d48fc93449f59757a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 417e5d9ffb9963d8a51002d53f1605a9559ffb1daafff0e7990d4f3dbaad772f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d482feaabd06241f9a37be74749a05fafa1c59015231a8d48fc93449f59757a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8E0CD766001245BC71092589C05FEA77DDDFC8790F050075FD09E7248D974AD848664
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 004F3908
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004FD730: GetInputState.USER32 ref: 004FD807
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 004F2B6B
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 004F314E
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 600933ce2bf0869388b08319e6d001cc562697ad7971b857fd4d394eba75ce5a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7fac817666d64708b1dad1579ea9a3a8b050021122ed13f78b462eb94510ddf0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 600933ce2bf0869388b08319e6d001cc562697ad7971b857fd4d394eba75ce5a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AE0863170464D0ACA08BF76985297DB799DBE239BF40253FF74247163CE6C89498359
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0055DF40
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
• Opcode ID: 07dd86f9bc059a9c1ca1fbfc725a26b9928972a73795d6820b29648a66987a1f
• Instruction ID: dfd3765fb51cff4af5a26622ae3274ed87250ebefcde37bdf520d5814b2ad2c2
• Opcode Fuzzy Hash: 07dd86f9bc059a9c1ca1fbfc725a26b9928972a73795d6820b29648a66987a1f
• Instruction Fuzzy Hash: 2CD05EA2A003282BDF60A6759C0DDF73AACC740214F0006A1786DD3152E934ED8486B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00530704,?,?,00000000,?,00530704,00000000,0000000C), ref: 005303B7
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 07409dd25b2d8edef6ca22cdae67376db4010d7eaeeaa41d3ac7f14503eb49a1
• Instruction ID: 44a3621e26ba06cf05dac4bcf07655560a08893ad5be0c7967ad02054c891931
• Opcode Fuzzy Hash: 07409dd25b2d8edef6ca22cdae67376db4010d7eaeeaa41d3ac7f14503eb49a1
• Instruction Fuzzy Hash: 58D06C3204010DBBDF028F84DD46EDA3FAAFB48714F014000BE1866020C732E821EB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 004F1CBC
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: a63f26e07b35fd0b8b42d2fc65d35b9462081890446a1d7f08075c8a2c069182
• Instruction ID: a90d7fa9caaff05a4e8c045ac3ebd7fd49648594f0dcb7004e2a529174bcfef4
• Opcode Fuzzy Hash: a63f26e07b35fd0b8b42d2fc65d35b9462081890446a1d7f08075c8a2c069182
• Instruction Fuzzy Hash: 76C09B352807049FF6145780BC4AF117754A368F05F044401F609695E3C3F11414FB54
APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0058961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0058965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0058969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005896C9
• SendMessageW.USER32 ref: 005896F2
• GetKeyState.USER32(00000011), ref: 0058978B
• GetKeyState.USER32(00000009), ref: 00589798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005897AE
• GetKeyState.USER32(00000010), ref: 005897B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005897E9
• SendMessageW.USER32 ref: 00589810
• SendMessageW.USER32(?,00001030,?,00587E95), ref: 00589918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0058992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00589941
• SetCapture.USER32(?), ref: 0058994A
• ClientToScreen.USER32(?,?), ref: 005899AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 005899BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005899D6
• ReleaseCapture.USER32 ref: 005899E1
• GetCursorPos.USER32(?), ref: 00589A19
• ScreenToClient.USER32(?,?), ref: 00589A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00589A80
• SendMessageW.USER32 ref: 00589AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00589AEB
• SendMessageW.USER32 ref: 00589B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00589B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00589B4A
• GetCursorPos.USER32(?), ref: 00589B68
• ScreenToClient.USER32(?,?), ref: 00589B75
• GetParent.USER32(?), ref: 00589B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00589BFA
• SendMessageW.USER32 ref: 00589C2B
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00589C84
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00589CB4
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00589CDE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00589D01
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00589D4E
                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00589D82
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00509944: GetWindowLongW.USER32(?,000000EB), ref: 00509952
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00589E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F$p#\
• API String ID: 3429851547-2312411218
• Opcode ID: 8086d5d70a7ac36cc182a0c0e5ad15767fe74b1bad7b3f1527403d8dd57a81cc
• Instruction ID: 8badfc9561f475c60ac917e63b0ee42ec16394514db9caec1b6a0a66564d3186
• Opcode Fuzzy Hash: 8086d5d70a7ac36cc182a0c0e5ad15767fe74b1bad7b3f1527403d8dd57a81cc
• Instruction Fuzzy Hash: 20428E74204201AFDB24EF29CC44EBABFE5FF49310F180A19FA59AB2A1E731D854DB51
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 005848F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00584908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00584927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0058494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0058495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0058497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 005849AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 005849D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00584A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00584A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00584A7E
• IsMenu.USER32(?), ref: 00584A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00584AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00584B20
• GetWindowLongW.USER32(?,000000F0), ref: 00584B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00584BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00584C82
• wsprintfW.USER32 ref: 00584CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00584CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00584CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00584D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00584D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00584D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: 2c7903a98f9f6dad49b36ed41745593aedfdcc9c48e00107874000f16e79d3cf
• Instruction ID: 84692f56d54df094ab99b6d76b13bda94f2af40562dcb3a3cd42f4333deb449d
• Opcode Fuzzy Hash: 2c7903a98f9f6dad49b36ed41745593aedfdcc9c48e00107874000f16e79d3cf
• Instruction Fuzzy Hash: 1212DD71600256ABEB24AF29CC49FAE7FA8BF85310F104529FD16EB2E1DB749944CF50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0050F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0054F474
• IsIconic.USER32(00000000), ref: 0054F47D
• ShowWindow.USER32(00000000,00000009), ref: 0054F48A
• SetForegroundWindow.USER32(00000000), ref: 0054F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0054F4AA
• GetCurrentThreadId.KERNEL32 ref: 0054F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0054F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0054F4CE
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 0054F4D6
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0054F4DE
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0054F4E1
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0054F4F6
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0054F501
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0054F50B
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0054F510
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0054F519
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0054F51E
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0054F528
                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 0054F52D
                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 0054F530
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0054F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: ec01ec42f714478a5f00584687f9b3232483ea785d12ccd1b720b570131b7065
• Instruction ID: 040998172391237c2394a19f9a5a558464fb10adf957ae3856088f5cedf8b2e7
• Opcode Fuzzy Hash: ec01ec42f714478a5f00584687f9b3232483ea785d12ccd1b720b570131b7065
• Instruction Fuzzy Hash: 61313D71A40218BBEF206BB99C4AFBF7E6CEB44B54F101465FA05F61D1DAB15900BBB0
APIs
  • Part of subcall function 005516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0055170D
  • Part of subcall function 005516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0055173A
  • Part of subcall function 005516C3: GetLastError.KERNEL32 ref: 0055174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00551286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 005512A8
• CloseHandle.KERNEL32(?), ref: 005512B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 005512D1
• GetProcessWindowStation.USER32 ref: 005512EA
• SetProcessWindowStation.USER32(00000000), ref: 005512F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00551310
  • Part of subcall function 005510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005511FC), ref: 005510D4
  • Part of subcall function 005510BF: CloseHandle.KERNEL32(?,?,005511FC), ref: 005510E9
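Neither of the two call chains above is suspicious call by call; what identifies them is the order of the calls and a few argument constants. The first chain is the well-known foreground-lock bypass: find the taskbar window (Shell_TrayWnd), AttachThreadInput to the thread that owns the foreground, tap ALT through keybd_event (VK_MENU = 0x12) so the process counts as having received input, then SetForegroundWindow and detach. The second chain prepares a token for an interactive launch as another user: LogonUserW, DuplicateTokenEx with TokenType = 1 (TokenPrimary), then OpenWindowStationW("winsta0") and OpenDesktopW("default"). The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in the "APIs" listing format shown on this page and matches them against ordered-subsequence signatures for those two chains. The regular expression and the signature names are my own assumptions about the listing format; the embedded traces are copied (abridged) from the two listings above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One entry of the report's "APIs" listing, e.g.
#   • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0054F474
# The optional "Part of subcall function XXXXXXXX:" prefix and the bare
# "GetCurrentThreadId.KERNEL32 ref: ..." form (no argument list) are both accepted.
# (Assumed format, derived from the lines visible in this report.)
API_LINE = re.compile(
    r"(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
    r"(\w+)\.(\w+)(?:\(([^)]*)\))?,?\s+ref:\s*([0-9A-Fa-f]+)"
)

@dataclass(frozen=True)
class Call:
    api: str                # "FindWindowW"
    module: str             # "USER32"
    args: Tuple[str, ...]   # argument text exactly as the report prints it
    ref: int                # call-site address
    subcall: Optional[str]  # parent function when marked "Part of subcall function"

def parse_trace(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:            # headings such as "Strings" or "Memory Dump Source"
            continue
        sub, api, mod, raw, ref = m.groups()
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(Call(api, mod, args, int(ref, 16), sub))
    return calls

def base_name(api: str) -> str:
    """Fold the A/W suffix so LogonUserA and LogonUserW hit the same signature step."""
    if len(api) > 2 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api

# A signature is an ordered list of (api, predicate). Unrelated calls between steps are
# skipped, so it matches an ordered subsequence of the trace, not a contiguous run.
SIGNATURES = {
    # FindWindow(Shell_TrayWnd) -> AttachThreadInput(attach = 1) -> synthetic ALT press
    # (keybd_event with VK_MENU = 0x12) -> SetForegroundWindow -> AttachThreadInput(detach = 0).
    "forced_foreground": [
        ("FindWindow", lambda c: "Shell_TrayWnd" in c.args),
        ("AttachThreadInput", lambda c: c.args[-1:] == ("00000001",)),
        ("SetForegroundWindow", None),
        ("keybd_event", lambda c: c.args[:1] == ("00000012",)),
        ("SetForegroundWindow", None),
        ("AttachThreadInput", lambda c: c.args[-1:] == ("00000000",)),
    ],
    # LogonUser -> DuplicateTokenEx(..., TokenType = TokenPrimary = 1, ...) -> open
    # winsta0 and the "default" desktop: a token being prepared for an interactive launch.
    "runas_logon": [
        ("LogonUser", None),
        ("DuplicateTokenEx", lambda c: c.args[4:5] == ("00000001",)),
        ("OpenWindowStation", lambda c: c.args[:1] == ("winsta0",)),
        ("SetProcessWindowStation", None),
        ("OpenDesktop", lambda c: c.args[:1] == ("default",)),
    ],
}

def match_signature(calls, steps) -> Optional[List[Call]]:
    matched, i = [], 0
    for c in calls:
        name, pred = steps[i]
        if base_name(c.api) == name and (pred is None or pred(c)):
            matched.append(c)
            i += 1
            if i == len(steps):
                return matched
    return None

def classify(trace_text: str) -> dict:
    """Return {signature name: [call-site addresses that satisfied each step]}."""
    calls = parse_trace(trace_text)
    hits = {}
    for name, steps in SIGNATURES.items():
        m = match_signature(calls, steps)
        if m:
            hits[name] = [c.ref for c in m]
    return hits

# Copied (abridged) from the two "APIs" listings above; bullets kept as printed.
FOREGROUND_TRACE = """\
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0050F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0054F474
• IsIconic.USER32(00000000), ref: 0054F47D
• ShowWindow.USER32(00000000,00000009), ref: 0054F48A
• SetForegroundWindow.USER32(00000000), ref: 0054F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0054F4AA
• GetCurrentThreadId.KERNEL32 ref: 0054F4B1
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0054F4CE
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0054F4DE
• SetForegroundWindow.USER32(00000000), ref: 0054F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0054F4F6
• keybd_event.USER32(00000012,00000000), ref: 0054F501
• SetForegroundWindow.USER32(00000000), ref: 0054F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0054F557
"""
RUNAS_TRACE = """\
  • Part of subcall function 005516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0055170D
  • Part of subcall function 005516C3: GetLastError.KERNEL32 ref: 0055174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00551286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 005512A8
• CloseHandle.KERNEL32(?), ref: 005512B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 005512D1
• GetProcessWindowStation.USER32 ref: 005512EA
• SetProcessWindowStation.USER32(00000000), ref: 005512F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00551310
"""

if __name__ == "__main__":
    for label, trace in (("foreground", FOREGROUND_TRACE), ("runas", RUNAS_TRACE)):
        for sig, refs in classify(trace).items():
            print(label, "->", sig, [f"{r:08X}" for r in refs])
```

The match is deliberately an ordered subsequence rather than a contiguous run, because the listing interleaves bookkeeping calls (MapVirtualKeyW, CloseHandle, GetProcessWindowStation) that vary between compilers and script runtimes; the argument predicates carry the discriminating detail, since AttachThreadInput or DuplicateTokenEx on their own are common in benign software. Both chains are consistent with a compiled AutoIt script, which the report's signature section already flags, so a hit here is corroboration rather than a verdict.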
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Z[
• API String ID: 22674027-259235808
• Opcode ID: 2b7455ed7895d2922cfb73af3ff5ec82fa26dee9399c8e68ad5e115b055ddbc3
• Instruction ID: 360275e3d7ec76c7616555425b1c3f517c71c40eed1c06711303305efabe5c1d
• Opcode Fuzzy Hash: 2b7455ed7895d2922cfb73af3ff5ec82fa26dee9399c8e68ad5e115b055ddbc3
• Instruction Fuzzy Hash: 70816571900209ABDF209FA8DC59BEE7FB9BF04705F14612AFD10B62A0E7759948DB24
APIs
  • Part of subcall function 005510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00551114
  • Part of subcall function 005510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 00551120
  • Part of subcall function 005510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 0055112F
  • Part of subcall function 005510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 00551136
  • Part of subcall function 005510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0055114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00550BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00550C00
• GetLengthSid.ADVAPI32(?), ref: 00550C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00550C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00550C6D
• GetLengthSid.ADVAPI32(?), ref: 00550C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00550C8C
• HeapAlloc.KERNEL32(00000000), ref: 00550C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00550CB4
• CopySid.ADVAPI32(00000000), ref: 00550CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00550CEA
                                                                                                                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00550D0C
                                                                                                                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00550D1E
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00550D45
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00550D4C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00550D55
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00550D5C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00550D65
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00550D6C
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 00550D78
                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00550D7F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00551193: GetProcessHeap.KERNEL32(00000008,00550BB1,?,00000000,?,00550BB1,?), ref: 005511A1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00551193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00550BB1,?), ref: 005511A8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00551193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00550BB1,?), ref: 005511B7
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• OpenClipboard.USER32(0058CC08), ref: 0056EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0056EB37
• GetClipboardData.USER32(0000000D), ref: 0056EB43
• CloseClipboard.USER32 ref: 0056EB4F
• GlobalLock.KERNEL32(00000000), ref: 0056EB87
• CloseClipboard.USER32 ref: 0056EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0056EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0056EBC9
• GetClipboardData.USER32(00000001), ref: 0056EBD1
• GlobalLock.KERNEL32(00000000), ref: 0056EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0056EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0056EC38
• GetClipboardData.USER32(0000000F), ref: 0056EC44
• GlobalLock.KERNEL32(00000000), ref: 0056EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0056EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0056EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0056ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0056ECF3
• CountClipboardFormats.USER32 ref: 0056ED14
• CloseClipboard.USER32 ref: 0056ED59
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 005669BE
• FindClose.KERNEL32(00000000), ref: 00566A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00566A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00566A75
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00566AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00566ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9a9cfee667905e759562fe046a914ee5cfa400e927ffbfaa52a6c07a674d61ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 50612131807932c9ea45901f6ce7e2af5916cb9e625fbc59b59dd6b9396f9ccf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a9cfee667905e759562fe046a914ee5cfa400e927ffbfaa52a6c07a674d61ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DD13D71508344AEC310EBA5C985EBBB7ECBF98704F04491EF685D7191EB78DA44CB62
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00569663
                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 005696A1
                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 005696BB
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 005696D3
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005696DE
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 005696FA
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0056974A
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(005B6B7C), ref: 00569768
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00569772
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0056977F
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0056978F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 208f74cdc018d7eeda537fc60075144dfafdaa4470b23e06f6d9dbbfadbd25b6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 613d1e513d4398a799695c2475fd3ba9b1659701256e6cd2ea3d0d21b45dafe0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 208f74cdc018d7eeda537fc60075144dfafdaa4470b23e06f6d9dbbfadbd25b6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1431A4365402196ADF14AFB4DC49AEE7FACFF4A320F104155E916E3090EB34DD848B64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 005697BE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00569819
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00569824
                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00569840
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00569890
                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(005B6B7C), ref: 005698AE
                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 005698B8
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005698C5
                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 005698D5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0055DB00
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: c477027f7297f15f8b07920eebcb0ede236dd4998c0e008ce15b58bffcbc289a
• Instruction ID: 30d22dbda37ac4702e7fcd070c359d3ade509e71e17cbb0fddf16270ca085041
• Opcode Fuzzy Hash: c477027f7297f15f8b07920eebcb0ede236dd4998c0e008ce15b58bffcbc289a
• Instruction Fuzzy Hash: 1B31C33250021AAADB10AFB4EC48ADE7FACBF4A320F104155E951A30D0DB30DD89CB60
APIs
  • Part of subcall function 004F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004F3A97,?,?,004F2E7F,?,?,?,00000000), ref: 004F3AC2
  • Part of subcall function 0055E199: GetFileAttributesW.KERNEL32(?,0055CF95), ref: 0055E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0055D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0055D1DD
• MoveFileW.KERNEL32(?,?), ref: 0055D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0055D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0055D237
  • Part of subcall function 0055D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0055D21C,?,?), ref: 0055D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0055D253
• FindClose.KERNEL32(00000000), ref: 0055D264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 3d212bbb0a37d72dfe8ebecd31127a86e776290398abaf14b6031e59689cba09
• Instruction ID: e9a382211de712b2799bb90ac18d6f7fa9564648cd5522c20675f4a310246c00
• Opcode Fuzzy Hash: 3d212bbb0a37d72dfe8ebecd31127a86e776290398abaf14b6031e59689cba09
• Instruction Fuzzy Hash: B1619B7280110DAACF15EBE1C9A29FDBBB5BF54345F24406AE90277191EB346F0DDB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 484c88fbfcdd7376e95b253a46c926bf3ef31241ff55a18ceb9b2f26f58d38d7
• Instruction ID: d4814f4cc6aa0f270039c8cacc97e42a5bbedbb4bc6f1f5c6f35b846bd635439
• Opcode Fuzzy Hash: 484c88fbfcdd7376e95b253a46c926bf3ef31241ff55a18ceb9b2f26f58d38d7
• Instruction Fuzzy Hash: 0741BF39205611AFE310CF1AD889B29BFE5FF54318F14C49DE8559B6A2C736EC45CBA0
APIs
  • Part of subcall function 005516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0055170D
  • Part of subcall function 005516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0055173A
  • Part of subcall function 005516C3: GetLastError.KERNEL32 ref: 0055174A
• ExitWindowsEx.USER32(?,00000000), ref: 0055E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 38d2237c648123ea6380c07b11b3e0034bba17fe3c110107bc8c81ecc0301cce
• Instruction ID: 6e02ccffd6f80384badbd461bab4c9313378efcea3054904244ee3a85c3d6a46
• Opcode Fuzzy Hash: 38d2237c648123ea6380c07b11b3e0034bba17fe3c110107bc8c81ecc0301cce
• Instruction Fuzzy Hash: 10012B72A10211ABEB1826B4ACABFBF7EBCBB14742F140823FC03F21D1D5605D4C82A4
APIs
• socket.WSOCK32(00000002,00000001,00000006), ref: 00571276
• WSAGetLastError.WSOCK32 ref: 00571283
• bind.WSOCK32(00000000,?,00000010), ref: 005712BA
• WSAGetLastError.WSOCK32 ref: 005712C5
• closesocket.WSOCK32(00000000), ref: 005712F4
• listen.WSOCK32(00000000,00000005), ref: 00571303
• WSAGetLastError.WSOCK32 ref: 0057130D
• closesocket.WSOCK32(00000000), ref: 0057133C
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fca77574cad89dc30182c92e372d5ed3016a420c82386edea5f5f50f018e4d26
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c5d9ea76e231cc06d28e788fa0e18bae7de97c418bc0f3ed7cf1eae3ccdcf294
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fca77574cad89dc30182c92e372d5ed3016a420c82386edea5f5f50f018e4d26
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA419E35600500AFD710DF29D488B29BBE6BF46318F18C089E95A9F293C775ED85DBE1
APIs
• _free.LIBCMT ref: 0052B9D4
• _free.LIBCMT ref: 0052B9F8
• _free.LIBCMT ref: 0052BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00593700), ref: 0052BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,005C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0052BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,005C1270,000000FF,?,0000003F,00000000,?), ref: 0052BC36
• _free.LIBCMT ref: 0052BD4B
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 4f91cbddb864d597e4820a6856b3c00d5357c5de5f37ed73cc24890ea7fa9a64
• Instruction ID: 21fdf80a80124c7d4f726aaa28ae059ede766fa09ea6fcd5fe418db4ab7733eb
• Opcode Fuzzy Hash: 4f91cbddb864d597e4820a6856b3c00d5357c5de5f37ed73cc24890ea7fa9a64
• Instruction Fuzzy Hash: 02C15775904226AFEB20DF69A845BAE7FB8FF93310F14459AE490D72D2DB308E41C750
APIs
  • Part of subcall function 004F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004F3A97,?,?,004F2E7F,?,?,?,00000000), ref: 004F3AC2
  • Part of subcall function 0055E199: GetFileAttributesW.KERNEL32(?,0055CF95), ref: 0055E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0055D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0055D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0055D481
• FindClose.KERNEL32(00000000), ref: 0055D498
• FindClose.KERNEL32(00000000), ref: 0055D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 69fe4d658b9a71738d7a8b47d96ee712f5bcf1b725726ff4d6a087e2898c2c8d
• Instruction ID: 6d1b16761b6a5eb6fcac17e8cd2a52b35030be16440ab5b5fe25cdf948142b26
• Opcode Fuzzy Hash: 69fe4d658b9a71738d7a8b47d96ee712f5bcf1b725726ff4d6a087e2898c2c8d
• Instruction Fuzzy Hash: 8031D0720083459BC710EF65C8518BF7BE8BE91345F444E1EF9D292191EB74AA0DC767
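The two function listings above are the evidence behind the "open a port and listen" and wildcard file-deletion capabilities: socket(00000002,00000001,00000006) decodes to AF_INET, SOCK_STREAM, IPPROTO_TCP, bind is passed a 0x10-byte address (sizeof sockaddr_in), listen uses a backlog of 5, and each WSAGetLastError plus closesocket pair is the error path; the second function enumerates a directory with a path ending in \*.* and calls DeleteFileW on every entry until FindNextFileW fails. Two caveats apply: arguments shown as "?" (the sockaddr passed to bind, the path given to FindFirstFileW) are runtime values, so neither the listening port nor the target directory can be read off this static listing; and because the sample is flagged as a likely compiled AutoIt script, these chains are most plausibly the AutoIt runtime's own TCPListen and wildcard FileDelete built-ins, which proves the interpreter carries the capability, not that the embedded script exercises it. The following script is an added example, not Joe Sandbox or AutoIt code: it parses listing lines of exactly this shape (including the "Part of subcall function" prefix) into call records, decodes the Winsock constants, and matches the two ordered API chains. The input is copied from the two blocks above with bullets and indentation stripped, and the signature names are this example's own.

```python
# Added example (not Joe Sandbox or AutoIt code): parse the per-function API
# listings above and flag the capability chains they contain. Input lines are
# copied from this section with bullets and indentation stripped (constructed).
import re
from typing import Optional

LISTEN_FUNC = """\
socket.WSOCK32(00000002,00000001,00000006), ref: 00571276
WSAGetLastError.WSOCK32 ref: 00571283
bind.WSOCK32(00000000,?,00000010), ref: 005712BA
WSAGetLastError.WSOCK32 ref: 005712C5
closesocket.WSOCK32(00000000), ref: 005712F4
listen.WSOCK32(00000000,00000005), ref: 00571303
WSAGetLastError.WSOCK32 ref: 0057130D
closesocket.WSOCK32(00000000), ref: 0057133C
"""

DELETE_FUNC = """\
Part of subcall function 004F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004F3A97,?,?,004F2E7F,?,?,?,00000000), ref: 004F3AC2
Part of subcall function 0055E199: GetFileAttributesW.KERNEL32(?,0055CF95), ref: 0055E19A
FindFirstFileW.KERNEL32(?,?), ref: 0055D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 0055D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 0055D481
FindClose.KERNEL32(00000000), ref: 0055D498
FindClose.KERNEL32(00000000), ref: 0055D4A1
"""

# Optional "Part of subcall function XXXXXXXX: " prefix, "api.MODULE",
# optional "(arg,...)", then "ref: XXXXXXXX" (the call-site address).
LINE_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)

# Winsock constants for socket(af, type, protocol); unknown values stay numeric.
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "default", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}


def parse_arg(tok: str) -> Optional[int]:
    """'?' means the value was not statically recoverable; else 8 hex digits."""
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16)


def parse_listing(text: str) -> list:
    """Turn a block of listing lines into call records, preserving order."""
    calls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised API line: {line!r}")
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": [parse_arg(a) for a in args.split(",")] if args else [],
            "ref": int(m.group("ref"), 16),
            # address of the helper this call was lifted from, if any
            "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return calls


def ordered_chain(calls: list, chain: list) -> bool:
    """True if the APIs in `chain` occur in that order; other calls may intervene."""
    want = 0
    for call in calls:
        if call["api"] == chain[want]:
            want += 1
            if want == len(chain):
                return True
    return False


def match_signatures(calls: list, strings=()) -> list:
    """Report the capability chains found in one function's listing."""
    hits = []
    by_api = {c["api"]: c for c in calls}  # socket/bind/listen each occur once
    if ordered_chain(calls, ["socket", "bind", "listen"]):
        af, typ, proto = (by_api["socket"]["args"] + [None] * 3)[:3]
        bind_args = by_api["bind"]["args"]
        addrlen = bind_args[2] if len(bind_args) > 2 else None  # 16 = sockaddr_in
        backlog = by_api["listen"]["args"][1]
        hits.append({
            "name": "listening socket",
            "detail": (f"{AF.get(af, af)}/{SOCK_TYPE.get(typ, typ)}/"
                       f"{PROTO.get(proto, proto)}, sockaddr len {addrlen}, "
                       f"backlog {backlog}"),
        })
    if ordered_chain(calls, ["FindFirstFileW", "DeleteFileW", "FindNextFileW"]):
        wildcard = any(s.endswith("*.*") for s in strings)
        hits.append({
            "name": "enumerate-and-delete loop",
            "detail": ("pattern \\*.* referenced: deletes every file in a directory"
                       if wildcard else "pattern string not recovered from listing"),
        })
    return hits


if __name__ == "__main__":
    for hit in match_signatures(parse_listing(LISTEN_FUNC)):
        print("listen function:", hit["name"], "-", hit["detail"])
    for hit in match_signatures(parse_listing(DELETE_FUNC), ("\\*.*",)):
        print("delete function:", hit["name"], "-", hit["detail"])
```

The ordered-chain check deliberately tolerates intervening calls (the WSAGetLastError and closesocket error paths, the two subcall lines) because Joe Sandbox lists every call site in address order, not only the success path; a matcher that demanded strict adjacency would miss both functions. The "String ID" value from the function's Similarity block is passed in separately, since it is the only place the \*.* pattern survives.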
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
APIs
• _wcslen.LIBCMT ref: 005664DC
• CoInitialize.OLE32(00000000), ref: 00566639
• CoCreateInstance.OLE32(0058FCF8,00000000,00000001,0058FB68,?), ref: 00566650
• CoUninitialize.OLE32 ref: 005668D4
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 005722E8
  • Part of subcall function 0056E4EC: GetWindowRect.USER32(?,?), ref: 0056E504
• GetDesktopWindow.USER32 ref: 00572312
• GetWindowRect.USER32(00000000), ref: 00572319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00572355
• GetCursorPos.USER32(?), ref: 00572381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 005723DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00569B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00569C8B
  • Part of subcall function 00563874: GetInputState.USER32 ref: 005638CB
  • Part of subcall function 00563874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00563966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00569BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00569C75
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b3696b8453c7c61586db5ff011a7d95b10be52ba9ce9b4b51e4694a41be798fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0041019bb69537032638fdd6ef0e0350f21860ee22d33e6bc3b2c5aeacd504af
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3696b8453c7c61586db5ff011a7d95b10be52ba9ce9b4b51e4694a41be798fd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37416D7190420A9FDF54EF64C989AEEBFB8FF45350F24415AE905A3191EB309E84CF64
APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00509A4E
• GetSysColor.USER32(0000000F), ref: 00509B23
• SetBkColor.GDI32(?,00000000), ref: 00509B36
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 77c3f0da21d947b32eb7fdcb0132281faf73f662c650e8f40d4e0c5a136efba6
• Instruction ID: a05933772db113d86424fc13b61e01a0e961a1ddc41084cc81caf413ea11210a
• Opcode Fuzzy Hash: 77c3f0da21d947b32eb7fdcb0132281faf73f662c650e8f40d4e0c5a136efba6
• Instruction Fuzzy Hash: 8EA1F870209848AEE728AA2C8C9DEBF3E9DFBCA354F150509F502D65DBCB259D01D376
APIs
  • Part of subcall function 0057304E: inet_addr.WSOCK32(?), ref: 0057307A
  • Part of subcall function 0057304E: _wcslen.LIBCMT ref: 0057309B
• socket.WSOCK32(00000002,00000002,00000011), ref: 0057185D
• WSAGetLastError.WSOCK32 ref: 00571884
• bind.WSOCK32(00000000,?,00000010), ref: 005718DB
• WSAGetLastError.WSOCK32 ref: 005718E6
• closesocket.WSOCK32(00000000), ref: 00571915
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: d28d216abf4c507d295aaf79d43bcb78e6ee688d44bec9f2f194e70b2c55d326
• Instruction ID: b8f170ca0c9e89e40aeff75c572b1e10bf6cc9aefd933504ab70a79680a0fae7
• Opcode Fuzzy Hash: d28d216abf4c507d295aaf79d43bcb78e6ee688d44bec9f2f194e70b2c55d326
• Instruction Fuzzy Hash: 3551C471A00204AFDB10AF24D886F3A7BE5AB45718F04C49DFA0A6F3C3C775AD419BA5
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 808219bd866d8e3aba9a68c6f19b26756023bc4521380fd7a1be20767668b9b3
• Instruction ID: fd525d92ac54a05b724b984a5be2cbd3afe6f4dc72e596eb648ced7b88ab387a
• Opcode Fuzzy Hash: 808219bd866d8e3aba9a68c6f19b26756023bc4521380fd7a1be20767668b9b3
• Instruction Fuzzy Hash: 1921B131740A015FD720AF2AC884B2A7FA9FF95314F188068EC46EB351CB71DC42CBA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1e2c7f89e1180f2c89e92ad5b1c9f51e92e86345f9554e1e33f0b69fe467bd10
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ac936fad0e8b8bf15de6b3cff76a12022a8b914b6615cfc1e76f3f01fe161ac5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e2c7f89e1180f2c89e92ad5b1c9f51e92e86345f9554e1e33f0b69fe467bd10
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5A28C70E0061ECBDF24CF58C9407BEBBB1BB54314F2485AEE915AB285EB349D81CB95
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 005582AA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($tb[$|
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-2831977410
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 455d82145e6eb93601761f862a04c7e543c4852389cfd81a7286ecb34afbb471
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 35cbe7622ff111772426a916dcb47a00c21db72afd178bd125b95788ad4231f2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 455d82145e6eb93601761f862a04c7e543c4852389cfd81a7286ecb34afbb471
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7322A75A00605DFCB28CF59C49196ABBF0FF48710B15C96EE85AEB7A1DB70E941CB40
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0055AAAC
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 0055AAC8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0055AB36
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0055AB88
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2b6efa61e68f316ac4881997434c16182a34bb66f8bb0e745bd9be57ab8e1eb3
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f11efe58849c043f9ff2549e3ea12e83e698c198ab66e589a4d1986dc5116fd8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b6efa61e68f316ac4881997434c16182a34bb66f8bb0e745bd9be57ab8e1eb3
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74310930A40248AEFF358A69CC25BFA7FA6BB44322F04431BF981561D1D7758989D7A2
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 0056CE89
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 0056CEEA
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 0056CEFE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 964e0d7953fc529c02c0d091e5e06e4399ff7814b0f754a57ab76e714c18cf2e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 94441f6e2ad5bce96739c092cc27db213b8da93442dbeb8ea40098b041f27417
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 964e0d7953fc529c02c0d091e5e06e4399ff7814b0f754a57ab76e714c18cf2e
• Instruction Fuzzy Hash: 8821AC716003059BEB219F65C988BAABFFCFB50314F10481EEA86E3151E771EE48DB60
APIs
• IsDebuggerPresent.KERNEL32 ref: 0052271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00522724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00522731
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 5f3ac67ac2b16c96ce179e3cf6e504181ac2920374eb19d071f34c50285c3449
• Instruction ID: 125cdfa55fdf15b27a3427c83d977b2fe0c65d7f3bd10716ddb1ea9962d295ee
• Opcode Fuzzy Hash: 5f3ac67ac2b16c96ce179e3cf6e504181ac2920374eb19d071f34c50285c3449
• Instruction Fuzzy Hash: 6A31C574901229ABCB21DF64D8887DDBBB8BF18310F5051DAE81CA62A0E7709F858F44
APIs
• SetErrorMode.KERNEL32(00000001), ref: 005651DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00565238
• SetErrorMode.KERNEL32(00000000), ref: 005652A1
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: e309d0ea7dfd5c13e8506a15fadc3f6279af5754b39747c3eb305357565383b9
• Instruction ID: 7e37c8c16acd6de7e500b7ec722c9edb433b00313034b074a5b3e69adb1140c5
• Opcode Fuzzy Hash: e309d0ea7dfd5c13e8506a15fadc3f6279af5754b39747c3eb305357565383b9
• Instruction Fuzzy Hash: 82315075A00518DFDB00DF55D8D4EADBBB4FF48318F048099E905AB392DB35E859CB61
APIs
  • Part of subcall function 0050FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00510668
  • Part of subcall function 0050FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00510685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0055170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0055173A
• GetLastError.KERNEL32 ref: 0055174A
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 0bd8c97dac0b973c97f74b851b1177e549340b2ea50df835c112f7f31a7b4a14
• Instruction ID: 38c410f6f81f2aa1b49683e34f2d4a5bff4286268f26ea03598439b8eb367895
• Opcode Fuzzy Hash: 0bd8c97dac0b973c97f74b851b1177e549340b2ea50df835c112f7f31a7b4a14
• Instruction Fuzzy Hash: 801131B2400305AFD3289F64EC8AE6FBFB9FB44710B20842EE45253281EB30BC458B20
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0055D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0055D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0055D650
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 8c67e1cc18d603d35a88a3ba19ba89c4e18345e9b5e9af52980658b288041a7c
• Instruction ID: 2d179b7523f86470893b6af9c15fd193750051987ab0fe92abccd16544b5097f
• Opcode Fuzzy Hash: 8c67e1cc18d603d35a88a3ba19ba89c4e18345e9b5e9af52980658b288041a7c
• Instruction Fuzzy Hash: 3D113C76E05228BBDB208F959C45FAFBFBCEB45B50F108156FD04E7290D6704A059BA1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0055168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 005516A1
• FreeSid.ADVAPI32(?), ref: 005516B1
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00566918
• FindClose.KERNEL32(00000000), ref: 00566961
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00574891,?,?,00000035,?), ref: 005637E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00574891,?,?,00000035,?), ref: 005637F4
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 901cfc459a0619a65df2fe487b254d9ec92966a09c7504fc459039b3f3075614
• Instruction ID: 5bdfa9813a393db18d84b447858abe6a9a68c48e9da2f6468916b3cc93045b5e
• Opcode Fuzzy Hash: 901cfc459a0619a65df2fe487b254d9ec92966a09c7504fc459039b3f3075614
• Instruction Fuzzy Hash: 4CF0E5B06042292AE72057769C4DFEB3FAEEFC4761F000165F509E3281DA709E08C7B0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0055B25D
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0055B270
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: bcc8506a8a4ccb3dc3f26727125661cd1c5ef227069a129c513e0596c7113bed
• Instruction ID: 50f38cbf51f235315015f8e156a5564a5b6091a781f32c4676aad6c3ec31151d
• Opcode Fuzzy Hash: bcc8506a8a4ccb3dc3f26727125661cd1c5ef227069a129c513e0596c7113bed
• Instruction Fuzzy Hash: 19F01D7580424DABEF059FA0C805BAE7FB4FF04305F00940AFD55A5191C77986159FA4
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005511FC), ref: 005510D4
• CloseHandle.KERNEL32(?,?,005511FC), ref: 005510E9
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: e9d0bc3db0e4403cdc576c35a7ed2ec0f421d842a637a3b9650c27213e8f7ff2
• Instruction ID: 55fca517204bcf1f3de473feca441caba76fec49d35610c263f1837d4a4d4afa
• Opcode Fuzzy Hash: e9d0bc3db0e4403cdc576c35a7ed2ec0f421d842a637a3b9650c27213e8f7ff2
• Instruction Fuzzy Hash: 5DE04F32004601EFE7252B61FC09E777FA9FB04310B24882EF8A5804F1DB72AC90EB64
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00526766,?,?,00000008,?,?,0052FEFE,00000000), ref: 00526998
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 5735c6b8d07b6dc01538a03640ff1eb5a94e6f746db688e65fa4fc5607ad1419
• Instruction ID: 5e9b2390d32cc2002737ff259914b2f4fdd46ecefee6b4216d1c47e29c98a005
• Opcode Fuzzy Hash: 5735c6b8d07b6dc01538a03640ff1eb5a94e6f746db688e65fa4fc5607ad1419
• Instruction Fuzzy Hash: 6FB126326106189FD719CF28D48AB657FE0FF46364F298658E899CB2E2C735E981CB40
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fb3ec338bd9b58d09fe2003b3b097d9243b8fa7a911041642adf778958b8b957
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7810d02313d0877da75020a16ce36474b6257511fc46d7705d388408585b7a72
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb3ec338bd9b58d09fe2003b3b097d9243b8fa7a911041642adf778958b8b957
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F124F759002299BDF24CF58C8806FEBBF5FF48714F14859AE849EB295DB349E81CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 0056EABD
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 95ac85ba448378a2fc3bcf5329e4bdf3d51fcbf8c6c5303ac0cfaedc685ce9ae
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1df2e6c93890ce5c2c3f000b5c768f8e59c853b898c8a57e9afcb58b9e0010da
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95ac85ba448378a2fc3bcf5329e4bdf3d51fcbf8c6c5303ac0cfaedc685ce9ae
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCE048352002049FC710DF9AD445D5AFBD9FF59764F00841AFD45D7351D774E8408BA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,005103EE), ref: 005109DA
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 106a2db3b86a3cf661ecdbee02ab460a9eb2dd11395c310717ebe81f5c1cb449
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 306917d2c7110a2784015172e7b02c8ce4bf165e56e6fea7fd828cf5a91b763e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 106a2db3b86a3cf661ecdbee02ab460a9eb2dd11395c310717ebe81f5c1cb449
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 086e08a61e4b734b7ddf22edbc55a9a81b4bd125a9a8e96bd5a0e2bcef22e142
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 6751686160C60E7BFB38552C885D7FE2FB9BB5E340F180909E882D7282C615DECAD356
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID: 0&\
• API String ID: 0-2049548921
• Opcode ID: 50e7a0dc6b188c77bd6cf3dbf9a064542e235aed4876f65ffbf7b66307dda6c5
• Instruction ID: a80ca7d95e4c498576f3a3afff1382395d4e7093bac71858b085d65ea63e959c
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9c0d328e2d3c23ffa0935ee8ce228ebce553c421d0f0b2e6254ed0164b5e923c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D49189722084A34AFB29467E95740BEFFE17A923A131A0BDDD5F2CA1C1FE14C9D4D624
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a360573c14f9f5609691cfb49f52d29809ea8dd2fe21bd6448a8ffe05aa1b668
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C791767220D8A34AFB2D427A85740BDFFE16A923A171A0BDDD5F2CA1C1FE14C9D4D624
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8186835c186e524b2de7bef5876e9fed50f5aafe3f71712f2140876f46cc0b13
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 125c189becc9b84b9963ddf37d3ab6187d50b6cc3f5a574eef4ddbe4b5ce3110
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8186835c186e524b2de7bef5876e9fed50f5aafe3f71712f2140876f46cc0b13
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD61276160C70E56FA34992C8899BFE6FB5FF8D704F240D19E842DB281EB119EC2C355
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 30a39975a915a35087dbf166de175157a04e1a465eaa1a2155836e99b125ac48
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B38186326094A309FB6D423E85744BEFFE17A923A131A47DDD5F2CB1C1EE24C994D624
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e97d0ab2cc05158fbe04265e9183b2d30fbe1822180991ef35a2da36fb986d17
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4c7d043a4b3f54770baf1f83c3ef75723afd30b69fb0a7336f0b85b43ddee364
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e97d0ab2cc05158fbe04265e9183b2d30fbe1822180991ef35a2da36fb986d17
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A610974909281AFD725CB1484D4DE7BFE1BF4631871A84FFD9860B2A3D630DA4ACB06
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00572B30
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00572B43
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00572B52
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00572B6D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00572B74
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00572CA3
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00572CB1
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572CF8
                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00572D04
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00572D40
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572D62
                                                                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572D75
                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572D80
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00572D89
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572D98
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00572DA1
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572DA8
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00572DB3
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572DC5
                                                                                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,0058FC38,00000000), ref: 00572DDB
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00572DEB
                                                                                                                                                                                                                                                                                                                                                      • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00572E11
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00572E30
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00572E52
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0057303F
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 725c5e7fb5d8c8846d38c545ff46ba9a3112a0ab2061161f09de8a0c6730631b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bbfe4691f67fae53626a7bcbc6aa04da8d6b7563fb061073c1092ef81b999eb9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 725c5e7fb5d8c8846d38c545ff46ba9a3112a0ab2061161f09de8a0c6730631b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42028971900208AFDB14DF64DC89EAE7FB9FB49714F008519F919AB2A1DB74ED04DB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0058712F
                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00587160
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0058716C
                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 00587186
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00587195
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 005871C0
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 005871C8
                                                                                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 005871CF
                                                                                                                                                                                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 005871DE
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 005871E5
                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 00587230
                                                                                                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?,?), ref: 00587262
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00587284
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005873E8: GetSysColor.USER32(00000012), ref: 00587421
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005873E8: SetTextColor.GDI32(?,?), ref: 00587425
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005873E8: GetSysColorBrush.USER32(0000000F), ref: 0058743B
  • Part of subcall function 005873E8: GetSysColor.USER32(0000000F), ref: 00587446
  • Part of subcall function 005873E8: GetSysColor.USER32(00000011), ref: 00587463
  • Part of subcall function 005873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00587471
  • Part of subcall function 005873E8: SelectObject.GDI32(?,00000000), ref: 00587482
  • Part of subcall function 005873E8: SetBkColor.GDI32(?,00000000), ref: 0058748B
  • Part of subcall function 005873E8: SelectObject.GDI32(?,?), ref: 00587498
  • Part of subcall function 005873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 005874B7
  • Part of subcall function 005873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005874CE
  • Part of subcall function 005873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 005874DB
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: ebae15373eeaeb8a68c6392fa0ac6b2d54e67bc9e96572c452b13431cd2ac577
• Instruction ID: 1494d040624d8fd7d4d17102c9ffa35ea2dc20279e087291377b247b6adce027
• Opcode Fuzzy Hash: ebae15373eeaeb8a68c6392fa0ac6b2d54e67bc9e96572c452b13431cd2ac577
• Instruction Fuzzy Hash: 58A1A172008305AFDB00AF64DC48E5B7FA9FF99320F201A19FD62A61E1D731E948DB61
APIs
• DestroyWindow.USER32(?,?), ref: 00508E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00546AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00546AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00546F43
  • Part of subcall function 00508F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00508BE8,?,00000000,?,?,?,?,00508BBA,00000000,?), ref: 00508FC5
• SendMessageW.USER32(?,00001053), ref: 00546F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00546F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00546FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00546FB7
Strings
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 2990dc3628944cd732639bc4e6ec3951574d36625858f432fbb2bac03365af6b
• Instruction ID: 59e643af14b9b19bb9fa590f839974e9668460f12cd6cdaa446591eba5309df9
• Opcode Fuzzy Hash: 2990dc3628944cd732639bc4e6ec3951574d36625858f432fbb2bac03365af6b
• Instruction Fuzzy Hash: D7129B30600601EFDB25CF14C888FBABFE9FB56304F184469E5859B2A2CB31EC55EB52
APIs
• DestroyWindow.USER32(00000000), ref: 0057273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0057286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 005728A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 005728B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00572900
• GetClientRect.USER32(00000000,?), ref: 0057290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00572955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00572964
• GetStockObject.GDI32(00000011), ref: 00572974
• SelectObject.GDI32(00000000,00000000), ref: 00572978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00572988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00572991
• DeleteDC.GDI32(00000000), ref: 0057299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 005729C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 005729DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00572A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00572A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00572A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00572A77
• GetStockObject.GDI32(00000011), ref: 00572A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00572A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00572A97
Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: bccc4ccaabc2d908c4cf877bfba649baf06854a3009f480614dd3f36e4a7d6b8
• Instruction ID: c96318fbd0913d8fa37d4068fc28239dcc34f8655c0a166698e7b3553500aad0
• Opcode Fuzzy Hash: bccc4ccaabc2d908c4cf877bfba649baf06854a3009f480614dd3f36e4a7d6b8
• Instruction Fuzzy Hash: 53B1AB71A00609AFEB14CF68DC89EAE7BB9FB08714F008519FA14E7291D774ED04DBA4
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00564AED
• GetDriveTypeW.KERNEL32(?,0058CB68,?,\\.\,0058CC08), ref: 00564BCA
• SetErrorMode.KERNEL32(00000000,0058CB68,?,\\.\,0058CC08), ref: 00564D36
Strings
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: ab83aea665890af6b409d5ed8bbf296eaa298125b09a75fb52a0580061f7fd5b
• Instruction ID: abdd9e493615c8b156ab474982c61aa77b225ac8f769d5e59f4e09800ef7c190
• Opcode Fuzzy Hash: ab83aea665890af6b409d5ed8bbf296eaa298125b09a75fb52a0580061f7fd5b
• Instruction Fuzzy Hash: 9561BF7170520A9FDB14DF28CA829B97FB0BF44344B24881AF806AB791DB3AED41DF51
APIs
• GetSysColor.USER32(00000012), ref: 00587421
• SetTextColor.GDI32(?,?), ref: 00587425
• GetSysColorBrush.USER32(0000000F), ref: 0058743B
• GetSysColor.USER32(0000000F), ref: 00587446
• CreateSolidBrush.GDI32(?), ref: 0058744B
• GetSysColor.USER32(00000011), ref: 00587463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00587471
• SelectObject.GDI32(?,00000000), ref: 00587482
• SetBkColor.GDI32(?,00000000), ref: 0058748B
• SelectObject.GDI32(?,?), ref: 00587498
• InflateRect.USER32(?,000000FF,000000FF), ref: 005874B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005874CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 005874DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0058752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00587554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00587572
• DrawFocusRect.USER32(?,?), ref: 0058757D
• GetSysColor.USER32(00000011), ref: 0058758E
• SetTextColor.GDI32(?,00000000), ref: 00587596
• DrawTextW.USER32(?,005870F5,000000FF,?,00000000), ref: 005875A8
• SelectObject.GDI32(?,?), ref: 005875BF
• DeleteObject.GDI32(?), ref: 005875CA
• SelectObject.GDI32(?,?), ref: 005875D0
• DeleteObject.GDI32(?), ref: 005875D5
• SetTextColor.GDI32(?,?), ref: 005875DB
• SetBkColor.GDI32(?,?), ref: 005875E5
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: db666de7f5149e4eea08f2652698b28d50ec6abc59a914a6e52e6b47e3a164d2
• Instruction ID: b635b8c66577df2e196505c068f638275697f09e310577eb4aff8e614c734e25
• Opcode Fuzzy Hash: db666de7f5149e4eea08f2652698b28d50ec6abc59a914a6e52e6b47e3a164d2
• Instruction Fuzzy Hash: A0615D72900218AFDF01AFA4DC49EAE7FB9FB08320F215515FD15BB2A1D7749940DBA0
APIs
• GetCursorPos.USER32(?), ref: 00581128
• GetDesktopWindow.USER32 ref: 0058113D
• GetWindowRect.USER32(00000000), ref: 00581144
• GetWindowLongW.USER32(?,000000F0), ref: 00581199
• DestroyWindow.USER32(?), ref: 005811B9
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 005811ED
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0058120B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0058121D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 00581232
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00581245
                                                                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(00000000), ref: 005812A1
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 005812BC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 005812D0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 005812E8
                                                                                                                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 0058130E
                                                                                                                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 00581328
                                                                                                                                                                                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 0058133F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000), ref: 005813AA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 58c2ab1fc626194ab36d0b04000afd8c8a1df2da4e4b80165153ad61eed0dfdb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f4507934843dcfdd9400fe17f2d55cae5e0ccc6125893996c40aeae0caf64900
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58c2ab1fc626194ab36d0b04000afd8c8a1df2da4e4b80165153ad61eed0dfdb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7B18F71604741AFD700DF65C888B6ABFE8FF84354F00891DF99AAB261DB31E845CBA5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 005802E5
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0058031F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00580389
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005803F1
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00580475
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 005804C5
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00580504
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0050F9F2: _wcslen.LIBCMT ref: 0050F9FD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00552258
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0055228A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5fd080525d0c3fadb134f19d87d40cebf4b0af2879ea46f561e70a0c22fb0646
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7bafc90c196e7423504a117b36408cd9710611ddd8b73524445f07f8c1ead7a3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5fd080525d0c3fadb134f19d87d40cebf4b0af2879ea46f561e70a0c22fb0646
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CEE1BD312082059FCB54EF25C45183ABBE2BFC8358B14596DFC96AB2E1DB34ED49CB91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00508968
                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 00508970
                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0050899B
                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 005089A3
                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 005089C8
                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 005089E5
                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 005089F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00508A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00508A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00508A5A
• GetStockObject.GDI32(00000011), ref: 00508A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00508A81
  • Part of subcall function 0050912D: GetCursorPos.USER32(?), ref: 00509141
  • Part of subcall function 0050912D: ScreenToClient.USER32(00000000,?), ref: 0050915E
  • Part of subcall function 0050912D: GetAsyncKeyState.USER32(00000001), ref: 00509183
  • Part of subcall function 0050912D: GetAsyncKeyState.USER32(00000002), ref: 0050919D
• SetTimer.USER32(00000000,00000000,00000028,005090FC), ref: 00508AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 13fd811e8c9d6bb989c059b4c76472d709e99b95e08ffca2a823750104550b1a
• Instruction ID: 578b379737658c818a38a3891e20c6e24ce9840c99875cfdfc772fb2456fb907
• Opcode Fuzzy Hash: 13fd811e8c9d6bb989c059b4c76472d709e99b95e08ffca2a823750104550b1a
• Instruction Fuzzy Hash: 5CB16871A0020A9FDF14DFA8CC49FAE3FA5FB49314F104629FA15A7290DB74E840DB65
APIs
  • Part of subcall function 005510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00551114
  • Part of subcall function 005510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 00551120
  • Part of subcall function 005510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 0055112F
  • Part of subcall function 005510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 00551136
  • Part of subcall function 005510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0055114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00550DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00550E29
• GetLengthSid.ADVAPI32(?), ref: 00550E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00550E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00550E96
• GetLengthSid.ADVAPI32(?), ref: 00550EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00550EB5
• HeapAlloc.KERNEL32(00000000), ref: 00550EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00550EDD
• CopySid.ADVAPI32(00000000), ref: 00550EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00550F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00550F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00550F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00550F6E
• HeapFree.KERNEL32(00000000), ref: 00550F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00550F7E
• HeapFree.KERNEL32(00000000), ref: 00550F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00550F8E
• HeapFree.KERNEL32(00000000), ref: 00550F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00550FA1
• HeapFree.KERNEL32(00000000), ref: 00550FA8
  • Part of subcall function 00551193: GetProcessHeap.KERNEL32(00000008,00550BB1,?,00000000,?,00550BB1,?), ref: 005511A1
  • Part of subcall function 00551193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00550BB1,?), ref: 005511A8
  • Part of subcall function 00551193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00550BB1,?), ref: 005511B7
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 5b75120dbce42a3f9311cb501d3cfeedefc3d704784644980b58e8985d887d96
• Instruction ID: e8b3512bf88941d0e66f2c0694e97605ff2cfbbee53337223d64fe05573d9cef
• Opcode Fuzzy Hash: 5b75120dbce42a3f9311cb501d3cfeedefc3d704784644980b58e8985d887d96
• Instruction Fuzzy Hash: DC71487290020AEBDB209FA4DC89BAEBFB8BF14342F145116ED19B6191D7319A09CB70
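The function listings in this report (the AutoIt GUI/timer function above, the USER-object DACL rewrite just listed, and the registry-write function that follows) are quicker to read once the fixed constants are decoded and the call chains are named. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses trace lines in the format this report uses, decodes only the constants whose meaning is fixed by the documented API prototype (registry value types, SECURITY_INFORMATION bits, virtual-key codes, WM_SETFONT, DEFAULT_GUI_FONT, the SetTimer interval), and flags three chains. The function names and behaviour labels are this example's own, and the sample input is a constructed subset of lines copied from this report's listings.

```python
"""Triage helper for Joe Sandbox per-function API listings (added example, not
part of the report).  Parses trace lines in the report's format, decodes the
argument constants fixed by each API's documented prototype, and names the
call chains a reviewer cares about.  Labels and helper names are this
example's own."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# One trace line, with or without the indented "Part of subcall function" prefix;
# lines like "_wcslen.LIBCMT ref: ..." (no parentheses) are accepted as well.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>[\w.]+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})")
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
SECURITY_INFO = {1: "OWNER", 2: "GROUP", 4: "DACL", 8: "SACL"}   # SECURITY_INFORMATION bits
VKEYS = {1: "VK_LBUTTON", 2: "VK_RBUTTON", 4: "VK_MBUTTON"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list               # int for 8-hex-digit values, str for '?' and literals
    ref: int                 # call-site address
    subcall: Optional[int]   # callee address when the line came from a subcall


def parse_listing(text: str) -> list[list[ApiCall]]:
    """Group trace lines per function; each 'APIs' header starts a new group."""
    groups: list[list[ApiCall]] = [[]]
    for raw in text.splitlines():
        if raw.strip() == "APIs":
            groups.append([])
            continue
        m = LINE_RE.match(raw)
        if not m:                       # hash, memory-dump and string bullets
            continue
        args = [int(a, 16) if HEX8_RE.match(a) else a
                for a in (s.strip() for s in (m.group("args") or "").split(",")) if a]
        groups[-1].append(ApiCall(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16),
                                  int(m.group("sub"), 16) if m.group("sub") else None))
    return [g for g in groups if g]


def decode(call: ApiCall) -> str:
    """Return 'Api @ ref [note]' where the note spells out a constant with a fixed meaning."""
    api, note = call.api, ""
    ints = [x if isinstance(x, int) else None for x in call.args] + [None] * 6
    if api == "RegSetValueExW" and ints[3] is not None:           # dwType, cbData
        note = REG_TYPES.get(ints[3], f"type {ints[3]}")
        if ints[5] is not None:
            note += f", {ints[5]} bytes"
    elif api in ("GetUserObjectSecurity", "SetUserObjectSecurity") and ints[1] is not None:
        bits = [n for b, n in SECURITY_INFO.items() if ints[1] & b]
        note = "|".join(bits) + "_SECURITY_INFORMATION" if bits else f"si 0x{ints[1]:X}"
    elif api == "GetAsyncKeyState" and ints[0] is not None:
        note = VKEYS.get(ints[0], f"vk 0x{ints[0]:02X}")
    elif api == "SetTimer" and ints[2] is not None:                # uElapse
        note = f"every {ints[2]} ms"
    elif api == "GetStockObject" and ints[0] == 17:
        note = "DEFAULT_GUI_FONT"
    elif api == "SendMessageW" and ints[1] == 0x30:
        note = "WM_SETFONT"
    return f"{api} @ {call.ref:08X}" + (f" [{note}]" if note else "")


def _in_order(names, seq) -> bool:
    """True when every name occurs in seq in the given order (other calls may interleave)."""
    it = iter(seq)
    return all(any(s == n for s in it) for n in names)


def find_behaviours(group: list[ApiCall]) -> list[str]:
    seq, found = [c.api for c in group], []
    if _in_order(["GetUserObjectSecurity", "AddAce", "SetSecurityDescriptorDacl",
                  "SetUserObjectSecurity"], seq):
        found.append("rewrites the DACL of a USER object (window station/desktop): the sequence "
                     "used to grant another account access before launching a process as it")
    if "RegCreateKeyExW" in seq and "RegSetValueExW" in seq:
        types = sorted({REG_TYPES.get(c.args[3], "?") for c in group if c.api == "RegSetValueExW"
                        and len(c.args) > 3 and isinstance(c.args[3], int)})
        where = " (RegConnectRegistryW present: key may be on a remote machine)" \
            if "RegConnectRegistryW" in seq else ""
        found.append("creates a registry key and writes " + ", ".join(types) + " values" + where)
    if "SetTimer" in seq and any(c.api in ("GetCursorPos", "GetAsyncKeyState") for c in group):
        found.append("installs a periodic timer in a function that also polls cursor position "
                     "and mouse-button state")
    return found


def triage(text: str) -> list[str]:
    """One line per finding, keyed by the function's first call-site address."""
    return [f"{g[0].ref:08X}: {f}" for g in parse_listing(text) for f in find_behaviours(g)]


# Constructed sample: a subset of lines copied from this report's function listings.
SAMPLE = """\
APIs
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00508A28
• GetStockObject.GDI32(00000011), ref: 00508A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00508A81
  • Part of subcall function 0050912D: GetCursorPos.USER32(?), ref: 00509141
  • Part of subcall function 0050912D: GetAsyncKeyState.USER32(00000001), ref: 00509183
• SetTimer.USER32(00000000,00000000,00000028,005090FC), ref: 00508AA8
APIs
  • Part of subcall function 005510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00551114
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00550DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00550E29
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00550E96
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00550F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00550F47
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0057C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0058CC08,00000000,?,00000000,?,?), ref: 0057C544
• _wcslen.LIBCMT ref: 0057C5F4
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0057C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0057C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0057C84D
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0057C960
"""

if __name__ == "__main__":
    for group in parse_listing(SAMPLE):
        print("\n".join(decode(c) for c in group))
    print("\n".join(triage(SAMPLE)))
```

The DACL chain is the one to read first: GetUserObjectSecurity with DACL_SECURITY_INFORMATION, then AddAce, SetSecurityDescriptorDacl and SetUserObjectSecurity on a USER object is the sequence that opens a window station and desktop to another account's SID, which is what the report's "launch a process as a different user" signature corresponds to. The same sequence appears in any runtime that implements RunAs correctly, so it is context for the verdict, not a verdict on its own; the registry chain is similar, and what matters there is the key path and values, which this listing does not resolve (the value names and data are shown as `?`).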
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0057C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0058CC08,00000000,?,00000000,?,?), ref: 0057C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0057C5A4
• _wcslen.LIBCMT ref: 0057C5F4
• _wcslen.LIBCMT ref: 0057C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0057C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0057C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0057C84D
• RegCloseKey.ADVAPI32(?), ref: 0057C881
• RegCloseKey.ADVAPI32(00000000), ref: 0057C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0057C960
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4d5f7a31667817a1de6a26de4c088185f1df5fc73b576b2f8d7e82e06af721b8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 639884e61fdb83abf5ab008975249f0d9fdec3260f4efcfd6322ab869e41607f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d5f7a31667817a1de6a26de4c088185f1df5fc73b576b2f8d7e82e06af721b8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18127831204201AFDB14DF15D885A2ABBE5FF88358F04885DF98A9B3A2DB35FC45DB85
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 005809C6
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00580A01
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00580A54
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00580A8A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00580B06
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00580B81
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0050F9F2: _wcslen.LIBCMT ref: 0050F9FD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00552BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00552BFA
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: be35b8f69c470c4394506eff390201a59faf313140a224d5b60e22fd2bfe4142
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d8c13c359d4ea6e2df8c9fad8b33dc3f0fb82d427809855e3bae1af2811dd4d9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be35b8f69c470c4394506eff390201a59faf313140a224d5b60e22fd2bfe4142
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55E1AA312083029FC754EF25C45196EBBE1BF98358F14995DF896AB3A2DB30ED49CB81
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0b4d25b5260cd80bb013cbf4fca16dbf60fbdab22656f487c73623598bfd0972
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 795f0919b22fdc69ce3c4e789ffbd221f5bd39084191ee1705772777b873e531
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b4d25b5260cd80bb013cbf4fca16dbf60fbdab22656f487c73623598bfd0972
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E671173261012B8BCB20DE7CE8415FE3F95BBA4754B65852CF86E97284EA30DD84E390
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0058835A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0058836E
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00588391
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005883B4
                                                                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 005883F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00585BF2), ref: 0058844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00588487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 005884CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00588501
• FreeLibrary.KERNEL32(?), ref: 0058850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0058851D
• DestroyIcon.USER32(?,?,?,?,?,00585BF2), ref: 0058852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00588549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00588555
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
Strings
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
APIs
• LoadIconW.USER32(00000063), ref: 00555A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00555A40
• SetWindowTextW.USER32(?,?), ref: 00555A57
• GetDlgItem.USER32(?,000003EA), ref: 00555A6C
• SetWindowTextW.USER32(00000000,?), ref: 00555A72
• GetDlgItem.USER32(?,000003E9), ref: 00555A82
• SetWindowTextW.USER32(00000000,?), ref: 00555A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00555AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00555AC3
• GetWindowRect.USER32(?,?), ref: 00555ACC
• _wcslen.LIBCMT ref: 00555B33
• SetWindowTextW.USER32(?,?), ref: 00555B6F
• GetDesktopWindow.USER32 ref: 00555B75
• GetWindowRect.USER32(00000000), ref: 00555B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00555BD3
• GetClientRect.USER32(?,?), ref: 00555BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00555C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00555C2F
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
APIs
Strings
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[[
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-478666498
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 01efc1ed3869a616485bb058cee99f8f66592596084f38c49efa2cd03c4ccbe1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 47fb182f5804c4f7322fa9917e222d69e47cc30f01803daef69936ed5406e1d8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01efc1ed3869a616485bb058cee99f8f66592596084f38c49efa2cd03c4ccbe1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83E1D732A00516ABCF189F74C4657EDBFB0BF54791F54852BE85AA7240EB30AE8DC790
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 005100C6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(005C070C,00000FA0,B112029B,?,?,?,?,005323B3,000000FF), ref: 0051011C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,005323B3,000000FF), ref: 00510127
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,005323B3,000000FF), ref: 00510138
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0051014E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0051015C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0051016A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00510195
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 005101A0
                                                                                                                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 005100E7
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005100A3: __onexit.LIBCMT ref: 005100A9
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 00510154
                                                                                                                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 00510148
                                                                                                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00510122
                                                                                                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 00510162
                                                                                                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 00510133
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 414aedcce3681d2d055f38eab5075882a27be3b44decb7248ca2617e2a0b0965
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7214b2f3ff1f4fab3dcfe755b73f254b80200af5b45fa4a09f9cb7c16ef04e9a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 414aedcce3681d2d055f38eab5075882a27be3b44decb7248ca2617e2a0b0965
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B212532681711ABF7106BA4AC4DBAA3FD4FB58B50F002129FD01F62D1DAB49884CBA0
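The API listing above (GetModuleHandleW on api-ms-win-core-synch-l1-2-0.dll with a kernel32.dll fallback, then GetProcAddress for InitializeConditionVariable, SleepConditionVariableCS and WakeAllConditionVariable, called from __scrt_initialize_thread_safe_statics_platform_specific) is the MSVC vcruntime's startup code, not sample-specific logic, yet it is exactly the kind of call chain behind the "dynamically determine API calls" signature. The Python below is an added triage helper, not part of the Joe Sandbox report or of the sample: it parses lines in this per-function "APIs" format, extracts the modules and GetProcAddress targets, and separates targets that match the CRT startup resolves from those an analyst should still look at. SAMPLE_APIS is copied in shape from the listing above; CRT_STARTUP_RESOLVES is a set I assume from knowledge of vcruntime and should be extended as needed; CONSTRUCTED_LISTING is constructed input for the contrast case and describes nothing this report says about the sample.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One entry in a Joe Sandbox "APIs" listing: "Name.MODULE(args), ref: ADDR",
# optionally prefixed with "Part of subcall function ADDR: ". Internal CRT
# symbols appear without an argument list ("__onexit.LIBCMT ref: ...").
_API_LINE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>[\w@?$]+)\.(?P<module>[\w.-]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})"
)

# Names vcruntime's __scrt_initialize_thread_safe_statics_platform_specific
# resolves at startup (assumed set; extend with other known CRT lookups).
CRT_STARTUP_RESOLVES = {
    "InitializeConditionVariable",
    "SleepConditionVariableCS",
    "WakeAllConditionVariable",
}

# Copied in shape from the report's listing for the function above.
SAMPLE_APIS = """\
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 005100C6
  • Part of subcall function 005100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(005C070C,00000FA0,B112029B,?,?,?,?,005323B3,000000FF), ref: 0051011C
  • Part of subcall function 005100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,005323B3,000000FF), ref: 00510127
  • Part of subcall function 005100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,005323B3,000000FF), ref: 00510138
  • Part of subcall function 005100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0051014E
  • Part of subcall function 005100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0051015C
  • Part of subcall function 005100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0051016A
  • Part of subcall function 005100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00510195
  • Part of subcall function 005100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 005101A0
• ___scrt_fastfail.LIBCMT ref: 005100E7
  • Part of subcall function 005100A3: __onexit.LIBCMT ref: 005100A9
"""

# Constructed contrast case, NOT taken from this report: a GetProcAddress
# target with no CRT caller around it should land in needs_review.
CONSTRUCTED_LISTING = """\
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00401000
• GetProcAddress.KERNEL32(00000000,CreateRemoteThread), ref: 00401010
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    subcall: Optional[str]


def parse_api_listing(text: str) -> List[ApiCall]:
    """Parse every API line in a Joe Sandbox per-function listing."""
    calls = []
    for line in text.splitlines():
        m = _API_LINE.search(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
    return calls


def triage(listing: str) -> dict:
    """Split dynamic API resolution into CRT boilerplate and names to review.

    A target counts as boilerplate only when it is in CRT_STARTUP_RESOLVES AND
    the listing shows a CRT startup routine (__scrt_*) as the caller; the names
    alone are not enough, any code could resolve them.
    """
    calls = parse_api_listing(listing)
    crt_context = any(c.name.lstrip("_").startswith("scrt_") for c in calls)
    modules, boilerplate, review = [], [], []
    for c in calls:
        if c.name == "GetModuleHandleW" and c.args:
            modules.append(c.args[0])
        elif c.name == "GetProcAddress" and len(c.args) >= 2:
            target = c.args[1]
            if crt_context and target in CRT_STARTUP_RESOLVES:
                boilerplate.append(target)
            else:
                review.append(target)
    return {
        "calls": len(calls),
        "loaded_modules": modules,
        "crt_boilerplate": boilerplate,
        "needs_review": review,
    }


if __name__ == "__main__":
    for label, text in (("report listing", SAMPLE_APIS), ("constructed", CONSTRUCTED_LISTING)):
        print(label, triage(text))
```

Run as a script it prints both verdicts; on the report listing every GetProcAddress target is accounted for by the CRT, so a "dynamic API resolution" hit from this function alone is not evidence of the sample hiding imports. The interesting resolves are the ones that end up in needs_review in other functions of the report.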
APIs
• CharLowerBuffW.USER32(00000000,00000000,0058CC08), ref: 00564527
• _wcslen.LIBCMT ref: 0056453B
• _wcslen.LIBCMT ref: 00564599
• _wcslen.LIBCMT ref: 005645F4
• _wcslen.LIBCMT ref: 0056463F
• _wcslen.LIBCMT ref: 005646A7
  • Part of subcall function 0050F9F2: _wcslen.LIBCMT ref: 0050F9FD
• GetDriveTypeW.KERNEL32(?,005B6BF0,00000061), ref: 00564743
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 4f8cf011032a0db4232f3eb37a5af17ec095562f5e077e1d23bc8fb6ab702638
• Instruction ID: c09853269059c1aab425d6054fcba6ec776bec035d12781b7ff83991ee1e53ed
• Opcode Fuzzy Hash: 4f8cf011032a0db4232f3eb37a5af17ec095562f5e077e1d23bc8fb6ab702638
• Instruction Fuzzy Hash: 31B1CC716083029FC720EF28C890A7ABBE5BFA5764F504A1DF596C7291E734D845CFA2
APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• DragQueryPoint.SHELL32(?,?), ref: 00589147
  • Part of subcall function 00587674: ClientToScreen.USER32(?,?), ref: 0058769A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00587674: GetWindowRect.USER32(?,?), ref: 00587710
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00587674: PtInRect.USER32(?,?,00588B89), ref: 00587720
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 005891B0
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005891BB
                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005891DE
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00589225
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0058923E
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00589255
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00589277
                                                                                                                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 0058927E
                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00589371
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#\
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 221274066-311701890
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cbfff0eb22217967d0bd1c6a6411eb6f8ab6a7e4bf9355463f89d41371e72178
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 297453613279c14f9231f8ff90aaf2085a0e764671f7e19a8d7098adc6e80274
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cbfff0eb22217967d0bd1c6a6411eb6f8ab6a7e4bf9355463f89d41371e72178
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0617A71108305AFC701EF55DC85DABBFE8FF99350F00092EF996A61A1DB309A49CB66
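The API chain in the record above (DragQueryPoint, two DragQueryFileW calls, DragFinish, and DefDlgProcW dispatching message 0x233) is the standard shape of a WM_DROPFILES handler, and the @GUI_DRAGFILE / @GUI_DROPID strings tie it to the AutoIt GUI runtime rather than to the script payload. As an added example, not part of the Joe Sandbox report and not code from the sample, the following Python parses trace lines in the report's own "• API.MODULE(args), ref: addr" format, decodes the window-message constants that appear in them (0x0233 = WM_DROPFILES, 0x00B0 = EM_GETSEL, 0x00B1 = EM_SETSEL, 0x00C2 = EM_REPLACESEL), and applies a heuristic, of my own design and an assumption rather than any Joe Sandbox rule, that recognises the DragQueryFileW count query (NULL buffer, size 0) followed by a per-file query (size 0x104 = MAX_PATH) and DragFinish. The sample input is a constructed subset of the trace lines shown above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the API trace lines from the report,
# in the exact format Joe Sandbox prints them (one bullet per call).
SAMPLE_TRACE = """\
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• DragQueryPoint.SHELL32(?,?), ref: 00589147
• SendMessageW.USER32(?,000000B0,?,?), ref: 005891B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005891BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005891DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00589225
• DragFinish.SHELL32(?), ref: 0058927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00589371
"""

# Win32 message constants seen in the trace (values from winuser.h).
WINDOW_MESSAGES = {
    0x00B0: "EM_GETSEL",
    0x00B1: "EM_SETSEL",
    0x00C2: "EM_REPLACESEL",
    0x0233: "WM_DROPFILES",
}

# "• API.MODULE(args), ref: ADDR" with an optional "Part of subcall function X:" prefix;
# calls without arguments are printed as "• API.MODULE ref: ADDR" (no parentheses, no comma).
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]          # raw argument tokens; "?" means the sandbox could not resolve the value
    ref: int                 # address of the call site
    subcall: int | None      # address of the callee when the line is a "Part of subcall" entry


def parse_trace(text: str) -> list[ApiCall]:
    """Parse the bullet lines of a Joe Sandbox APIs section; lines that do not match are skipped."""
    calls: list[ApiCall] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = m.group("args").split(",") if m.group("args") else []
        sub = m.group("sub")
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module"),
            args=[a.strip() for a in args],
            ref=int(m.group("ref"), 16),
            subcall=int(sub, 16) if sub else None,
        ))
    return calls


def decode_message(call: ApiCall) -> str | None:
    """Name the window message (second argument) of a SendMessageW/PostMessageW/DefDlgProcW call."""
    if call.api not in ("SendMessageW", "PostMessageW", "DefDlgProcW") or len(call.args) < 2:
        return None
    raw = call.args[1]
    if raw == "?":
        return None
    value = int(raw, 16)
    return WINDOW_MESSAGES.get(value, f"0x{value:X}")


def is_dropfiles_handler(calls: list[ApiCall]) -> bool:
    """Heuristic (an assumption of this example): the DragQueryFileW count query
    (lpszFile NULL, cch 0), a per-file query with a MAX_PATH buffer, DragFinish,
    and a WM_DROPFILES dispatch all occur in the same function's direct calls."""
    direct = [c for c in calls if c.subcall is None]
    count_query = any(c.api == "DragQueryFileW" and c.args[2:4] == ["00000000", "00000000"] for c in direct)
    per_file = any(c.api == "DragQueryFileW" and c.args[3:4] == ["00000104"] for c in direct)
    finished = any(c.api == "DragFinish" for c in direct)
    dispatches_drop = any(decode_message(c) == "WM_DROPFILES" for c in direct)
    return count_query and per_file and finished and dispatches_drop


if __name__ == "__main__":
    parsed = parse_trace(SAMPLE_TRACE)
    for c in parsed:
        print(f"{c.ref:08X} {c.api}.{c.module} msg={decode_message(c)}")
    print("WM_DROPFILES handler:", is_dropfiles_handler(parsed))
```

The heuristic only says that the function handles dropped files the way every common-controls dialog does; on its own that is GUI plumbing, not the credential-flushing behaviour the report's verdict rests on, so a triage rule built on this pattern should suppress it rather than alert on it.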
APIs
• GetMenuItemCount.USER32(005C1990), ref: 00532F8D
• GetMenuItemCount.USER32(005C1990), ref: 0053303D
• GetCursorPos.USER32(?), ref: 00533081
• SetForegroundWindow.USER32(00000000), ref: 0053308A
• TrackPopupMenuEx.USER32(005C1990,00000000,?,00000000,00000000,00000000), ref: 0053309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005330A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 32e67d75580414520226146715748ed1107143794d9f380ebd7f152e2cb393b6
• Instruction ID: b12becd10b0b385cb7d5e09a723501daac3185b65fe4ee1a10376ad2bba81fd7
• Opcode Fuzzy Hash: 32e67d75580414520226146715748ed1107143794d9f380ebd7f152e2cb393b6
• Instruction Fuzzy Hash: 8A714A3064060ABEFB259F64CC4EFAABF64FF01764F204216FA246A1E1C7B1AD14DB55
APIs
• DestroyWindow.USER32(00000000,?), ref: 00586DEB
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00586E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00586E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00586E94
• DestroyWindow.USER32(?), ref: 00586EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,004F0000,00000000), ref: 00586EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00586EFD
• GetDesktopWindow.USER32 ref: 00586F16
• GetWindowRect.USER32(00000000), ref: 00586F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00586F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00586F4D
  • Part of subcall function 00509944: GetWindowLongW.USER32(?,000000EB), ref: 00509952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 119b6afcc6228670b333aaa1f23fc6b7b9e93060f678e4bd8ae864c1e130f508
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7236fe08f8c3aadb0d14d2ead1541dbf4381203ef2b27af449fac9b832141a5f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 119b6afcc6228670b333aaa1f23fc6b7b9e93060f678e4bd8ae864c1e130f508
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE715974104244AFDB21DF28D888EAABFE9FB99304F04041DFA99A7261D770E909DB25
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0056C4B0
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0056C4C3
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0056C4D7
                                                                                                                                                                                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0056C4F0
                                                                                                                                                                                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0056C533
                                                                                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0056C549
                                                                                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0056C554
                                                                                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0056C584
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0056C5DC
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0056C5F0
                                                                                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0056C5FB
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 02c76b4243156f32f76f20962d24ed12fd52bb2350450b23a0fe2889b91a0a6c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 06760862d64b5be3f34b452edf4b5075c09744051fbd157966bebb87d6ca59ab
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02c76b4243156f32f76f20962d24ed12fd52bb2350450b23a0fe2889b91a0a6c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B513CB1600209BFDB219F64CD48ABB7FBCFB28755F00441AF986D7650DB34E948AB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00588592
                                                                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005885A2
                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005885AD
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005885BA
                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 005885C8
                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005885D7
                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 005885E0
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005885E7
                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005885F8
                                                                                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0058FC38,?), ref: 00588611
                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00588621
                                                                                                                                                                                                                                                                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00588641
                                                                                                                                                                                                                                                                                                                                                      • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00588671
                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00588699
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 005886AF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9fd8ff8c7bf44ed0a538fe9366ad1a7498e477fa2d3aa7fbbe252deda6b96001
• Instruction ID: 68adf4142fe9f92b6e1e9d87d4f5323a21c1f3068f0e669af7142356b47ae068
• Opcode Fuzzy Hash: 9fd8ff8c7bf44ed0a538fe9366ad1a7498e477fa2d3aa7fbbe252deda6b96001
• Instruction Fuzzy Hash: 4E41E875600204AFDB119FA5DC88EAA7FB9FF99B11F144058FD46E72A0DB309905DB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00561502
• VariantCopy.OLEAUT32(?,?), ref: 0056150B
• VariantClear.OLEAUT32(?), ref: 00561517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 005615FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00561657
• VariantInit.OLEAUT32(?), ref: 00561708
• SysFreeString.OLEAUT32(?), ref: 0056178C
• VariantClear.OLEAUT32(?), ref: 005617D8
• VariantClear.OLEAUT32(?), ref: 005617E7
• VariantInit.OLEAUT32(00000000), ref: 00561823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 03026725d8ce6b27527b108be68463e06191d02752cda8394b1bfc5eefba1fde
• Instruction ID: 44db7ebd282156a283b273b47bdaac8ad1d32900e8adbb28b6783b801ca88e25
• Opcode Fuzzy Hash: 03026725d8ce6b27527b108be68463e06191d02752cda8394b1bfc5eefba1fde
• Instruction Fuzzy Hash: FED1FE72A00A05DBDB109F65E888B7DFFB5BF84700F18845AE807AB590EB34EC44DB65
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
  • Part of subcall function 0057C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0057B6AE,?,?), ref: 0057C9B5
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057C9F1
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057CA68
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0057B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0057B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 0057B80A
• RegCloseKey.ADVAPI32(?), ref: 0057B87E
• RegCloseKey.ADVAPI32(?), ref: 0057B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 0057B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0057B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0057B922
• FreeLibrary.KERNEL32(00000000), ref: 0057B983
• RegCloseKey.ADVAPI32(00000000), ref: 0057B994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 37cf996252fc61956de7b2125b2e618f1f15151756300b516bfb35637ae3d06d
• Instruction ID: 9030c368a54c1078397885558127f1706d480ca8cf502026b100f8d20d3cc0ea
• Opcode Fuzzy Hash: 37cf996252fc61956de7b2125b2e618f1f15151756300b516bfb35637ae3d06d
• Instruction Fuzzy Hash: F8C17B30204201AFE714DF15D494F2ABBE5FF84308F14C55DE5AA8B2A2CB75ED45DB92
APIs
• GetDC.USER32(00000000), ref: 005725D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005725E8
• CreateCompatibleDC.GDI32(?), ref: 005725F4
• SelectObject.GDI32(00000000,?), ref: 00572601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0057266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 005726AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 005726D0
• SelectObject.GDI32(?,?), ref: 005726D8
• DeleteObject.GDI32(?), ref: 005726E1
• DeleteDC.GDI32(?), ref: 005726E8
• ReleaseDC.USER32(00000000,?), ref: 005726F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1c1152d2f73b2deab75adab93629329f4db2b9aca031acf7fe9763511c36ff1d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d364579aef1b5c130a4d34de4023364ab397ff41a5710573fea2c5fc1839e8ff
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c1152d2f73b2deab75adab93629329f4db2b9aca031acf7fe9763511c36ff1d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E061D475D00219EFCF14CFA4D888AAEBFB5FF58310F20852AE95AA7250D770A951DF60
APIs
• ___free_lconv_mon.LIBCMT ref: 0052DAA1
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D659
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D66B
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D67D
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D68F
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D6A1
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D6B3
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D6C5
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D6D7
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D6E9
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D6FB
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D70D
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D71F
  • Part of subcall function 0052D63C: _free.LIBCMT ref: 0052D731
• _free.LIBCMT ref: 0052DA96
  • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000), ref: 005229DE
  • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000,00000000), ref: 005229F0
• _free.LIBCMT ref: 0052DAB8
• _free.LIBCMT ref: 0052DACD
• _free.LIBCMT ref: 0052DAD8
• _free.LIBCMT ref: 0052DAFA
• _free.LIBCMT ref: 0052DB0D
• _free.LIBCMT ref: 0052DB1B
• _free.LIBCMT ref: 0052DB26
• _free.LIBCMT ref: 0052DB5E
• _free.LIBCMT ref: 0052DB65
• _free.LIBCMT ref: 0052DB82
• _free.LIBCMT ref: 0052DB9A
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 5d8db694c829cea385bf48e601999551412684d65b4a7c6f82976c184f53439f
• Instruction ID: 3132f7810d2adfdbb71ac163df3cf532937ff3990c1d180e35d374a8add94623
• Opcode Fuzzy Hash: 5d8db694c829cea385bf48e601999551412684d65b4a7c6f82976c184f53439f
• Instruction Fuzzy Hash: B9315736604626AFEB21AB38F849B5ABFF9FF46310F554429E449D71D1DB31AC808B30
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 0055369C
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005536A7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00553797
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 0055380C
                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 0055385D
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00553882
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 005538A0
                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000), ref: 005538A7
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00553921
                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 0055395D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00554994
• GetWindowTextW.USER32(?,?,00000400), ref: 005549DA
• _wcslen.LIBCMT ref: 005549EB
• CharUpperBuffW.USER32(?,00000000), ref: 005549F7
• _wcsstr.LIBVCRUNTIME ref: 00554A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00554A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00554A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00554AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00554B20
• GetWindowRect.USER32(?,?), ref: 00554B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00588D5A
• GetFocus.USER32 ref: 00588D6A
• GetDlgCtrlID.USER32(00000000), ref: 00588D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00588E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00588ECF
• GetMenuItemCount.USER32(?), ref: 00588EEC
• GetMenuItemID.USER32(?,00000000), ref: 00588EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00588F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00588F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00588FA1
Strings
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0055DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0055DC46
• _wcslen.LIBCMT ref: 0055DC50
• _wcsstr.LIBVCRUNTIME ref: 0055DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0055DCBC
Strings
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 8ffa1218a11b6a8ab03f7701904e0a5975ee54b69ee4ca83fb5405d65a2ca37d
• Instruction ID: d0e0da0ce07a7831de485e213de961f5b41fd0701b00ddf217ae956c7a362739
• Opcode Fuzzy Hash: 8ffa1218a11b6a8ab03f7701904e0a5975ee54b69ee4ca83fb5405d65a2ca37d
• Instruction Fuzzy Hash: 084106329402067AEB20A764DC0BEFF7FBCFF95711F14006AFD00A6182EA749A4497B5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0057CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0057CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0057CD48
  • Part of subcall function 0057CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0057CCAA
  • Part of subcall function 0057CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0057CCBD
  • Part of subcall function 0057CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0057CCCF
  • Part of subcall function 0057CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0057CD05
  • Part of subcall function 0057CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0057CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0057CCF3
Strings
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: c75d231ecef21b275fb3c4d87f07f7c871bad016307008fca59c819b0a7faf76
• Instruction ID: 507885beb4fe42b34e85c5d699a78db9ef6602e662d8099f944d5f4acbd9e3d4
• Opcode Fuzzy Hash: c75d231ecef21b275fb3c4d87f07f7c871bad016307008fca59c819b0a7faf76
• Instruction Fuzzy Hash: A9316971901129BBDB219B50EC88EEFBF7CFF55740F004169A90AE6240DA309E49EBB0
APIs
• timeGetTime.WINMM ref: 0055E6B4
  • Part of subcall function 0050E551: timeGetTime.WINMM(?,?,0055E6D4), ref: 0050E555
• Sleep.KERNEL32(0000000A), ref: 0055E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0055E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0055E727
• SetActiveWindow.USER32 ref: 0055E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0055E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0055E773
• Sleep.KERNEL32(000000FA), ref: 0055E77E
• IsWindow.USER32 ref: 0055E78A
• EndDialog.USER32(00000000), ref: 0055E79B
Strings
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 75b5fe7c5683050fcb8c64ccc3d0aaa761cd527a575d0f7ae8713213ae9e7d41
• Instruction ID: 07f21285ec178ea6456d70ebf8ce4f11ced276430ec699f4afe879cf49f6ea3e
• Opcode Fuzzy Hash: 75b5fe7c5683050fcb8c64ccc3d0aaa761cd527a575d0f7ae8713213ae9e7d41
• Instruction Fuzzy Hash: 97217F70200641AFEB045B21EC9AE253E69FB6578AF101426FC55915A1DF71AD4CBB34
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0055EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0055EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0055EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0055EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0055EAA7
Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d6707a75a984902bca7762be9904e715608b64ca5abeb4b05b9583bb5014c39e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a37e4975e6df8b2a116412817c23db11f883e0a14b1e40779f0a605f60434cdf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6707a75a984902bca7762be9904e715608b64ca5abeb4b05b9583bb5014c39e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68114F31A5026979D724A7B2DC5AEFF6EBCFBD1B44F00042AB911A20D1EEB41A49C5B0
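The records above and below are Joe Sandbox's per-function API listings: each record is the set of imported API calls the function makes (with the call-site address after "ref:"), followed by a Similarity block whose API ID, String ID and fuzzy hashes are what you would use to match the function against other samples. The MCI command strings in the record just above ("close PlayMe", "play PlayMe wait", "alias PlayMe") match the strings the AutoIt runtime's SoundPlay() uses, which fits the report's "compiled AutoIt script" signature: records like this describe the AutoIt interpreter, not the embedded script, so triage depends on being able to filter records by the APIs they call. A report of this kind contains thousands of such records, so the following Python script, added here as an illustration and not part of Joe Sandbox or its report output, parses records in this shape into structured objects, separates calls the function makes directly from calls inherited from a subcall ("Part of subcall function ..."), pulls out string-literal arguments, and builds an API-to-call-site index. The record text embedded in the script is a constructed excerpt of the records on this page; the image base 0x4F0000 used for RVA conversion is taken from the "Offset: 004F0000" of the Memory Dump Source blocks and is an assumption about how those offsets relate to the call-site addresses.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: an excerpt in the shape of the Joe Sandbox function
# records on this page (two records, call lines plus Similarity block).
SAMPLE = """\
APIs
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0055EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0055EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0055EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0055EAA7
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Instruction Fuzzy Hash: 68114F31A5026979D724A7B2DC5AEFF6EBCFBD1B44F00042AB911A20D1EEB41A49C5B0
APIs
  • Part of subcall function 00508F62: InvalidateRect.USER32(?,00000000,00000001), ref: 00508FC5
• DestroyWindow.USER32(?), ref: 00508C81
• KillTimer.USER32(00000000,?,?,?,?,00508BBA,00000000,?), ref: 00508D1B
• ImageList_Destroy.COMCTL32(00000000,?), ref: 005469A1
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Instruction Fuzzy Hash: B961CD31002A01DFDB259F14D948F797FF1FB62316F14591CE082AA9A0CB71AC88EF65
"""

# Assumed image base, from "Offset: 004F0000" in the Memory Dump Source block.
IMAGE_BASE = 0x4F0000

HEX_IMMEDIATE = re.compile(r"-?[0-9A-Fa-f]{8}")

# "• Api.MODULE(arg,arg,...), ref: 0055EA73", optionally prefixed with
# "Part of subcall function XXXXXXXX:" when the call is inherited from a callee.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z0-9_@$]+)\.(?P<mod>[A-Za-z0-9_]+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
# "• Key: value" lines of the Similarity block (and other blocks, which we ignore).
KV_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    api: str                      # e.g. "mciSendStringW"
    module: str                   # e.g. "WINMM"
    args: list[str]               # argument tokens exactly as Joe Sandbox prints them
    ref: int                      # virtual address of the call site
    subcall_of: Optional[int] = None   # callee address when the call is inherited

    def string_args(self) -> list[str]:
        """Arguments that are neither '?' (unknown) nor an 8-digit hex immediate."""
        return [a for a in self.args if a != "?" and not HEX_IMMEDIATE.fullmatch(a)]

    def rva(self) -> int:
        """Call-site address relative to the assumed image base."""
        return self.ref - IMAGE_BASE


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)
    fuzzy_hash: str = ""

    def api_names(self, include_subcalls: bool = False) -> set[str]:
        """'MODULE!Api' names; inherited subcall lines are excluded unless asked for."""
        return {f"{c.module}!{c.api}" for c in self.calls
                if include_subcalls or c.subcall_of is None}


def parse_records(text: str) -> list[FunctionRecord]:
    """Split report text into records; each record starts at an 'APIs' line."""
    records: list[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = CALL_RE.match(line)
        if m:
            # Joe Sandbox does not quote string arguments, so a comma inside a
            # string would be split here; none of the runtime strings on this page contain one.
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            current.calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                                         int(m["sub"], 16) if m["sub"] else None))
            continue
        m = KV_RE.match(line)
        if m:
            key, val = m["key"], m["val"].strip()
            if key == "Instruction Fuzzy Hash":
                current.fuzzy_hash = val
            elif key in ("API ID", "String ID", "API String ID"):
                current.similarity[key] = val
    return records


def api_index(records: list[FunctionRecord]) -> dict[str, list[int]]:
    """Map 'MODULE!Api' to the direct call sites that use it, across all records."""
    index: dict[str, list[int]] = {}
    for rec in records:
        for call in rec.calls:
            if call.subcall_of is None:
                index.setdefault(f"{call.module}!{call.api}", []).append(call.ref)
    return index


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i, rec in enumerate(recs):
        print(f"record {i}: apis={sorted(rec.api_names())} strings="
              f"{[s for c in rec.calls for s in c.string_args()]} fuzzy={rec.fuzzy_hash[:16]}...")
    for name, sites in sorted(api_index(recs).items()):
        print(f"{name:28s} -> {', '.join(f'0x{s:08X} (rva 0x{r:X})' for s, r in ((s, s - IMAGE_BASE) for s in sites))}")
```

Subcall lines are kept but not counted as the function's own API set, because Joe Sandbox propagates a callee's calls into every caller's record; counting them would make a generic cleanup routine look like it touches everything its helpers touch. The "API String ID" pair is what to pivot on when you want to find the same runtime function in another AutoIt-compiled sample.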
APIs
• GetDlgItem.USER32(?,00000001), ref: 00555CE2
• GetWindowRect.USER32(00000000,?), ref: 00555CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00555D59
• GetDlgItem.USER32(?,00000002), ref: 00555D69
• GetWindowRect.USER32(00000000,?), ref: 00555D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00555DCF
• GetDlgItem.USER32(?,000003E9), ref: 00555DDD
• GetWindowRect.USER32(00000000,?), ref: 00555DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00555E31
• GetDlgItem.USER32(?,000003EA), ref: 00555E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00555E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00555E67
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 34d04da8f13b62f3db7c0d03a067468c479a7dad1eed6fe2e7f987f968eb003f
• Instruction ID: b64a62d7fe92246abb30c17a8e8adcbefe9f65258d2b3b416616ae9fc615bbfe
• Opcode Fuzzy Hash: 34d04da8f13b62f3db7c0d03a067468c479a7dad1eed6fe2e7f987f968eb003f
• Instruction Fuzzy Hash: 1B510071B00605AFDB18CF69DD99AAE7BB9FF58301F148129F916E6290E7709E04CB60
APIs
  • Part of subcall function 00508F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00508BE8,?,00000000,?,?,?,?,00508BBA,00000000,?), ref: 00508FC5
• DestroyWindow.USER32(?), ref: 00508C81
• KillTimer.USER32(00000000,?,?,?,?,00508BBA,00000000,?), ref: 00508D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00546973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00508BBA,00000000,?), ref: 005469A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00508BBA,00000000,?), ref: 005469B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00508BBA,00000000), ref: 005469D4
• DeleteObject.GDI32(00000000), ref: 005469E6
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 453147b05fac14e63d8956c58a96670cb693f4ca90f6932aa3e1438e1cba04af
• Instruction ID: f1a137b2361a3f8634e2fcbc48d2e27fec38b5b7bc0e2b59394d601ae193091c
• Opcode Fuzzy Hash: 453147b05fac14e63d8956c58a96670cb693f4ca90f6932aa3e1438e1cba04af
• Instruction Fuzzy Hash: B961CD31002A01DFDB259F14D948F797FF1FB62316F14591CE082AA9A0CB71AC88EF65
APIs
  • Part of subcall function 00509944: GetWindowLongW.USER32(?,000000EB), ref: 00509952
• GetSysColor.USER32(0000000F), ref: 00509862
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c52b2e7df1fea76b5835c81157511b75689bcd9ac9b05b8699f207ee3cd1e19a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 849e5d1319a728aebdd5be3e7a7ac250adb55554f0fa0c0972ad1b6476960267
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c52b2e7df1fea76b5835c81157511b75689bcd9ac9b05b8699f207ee3cd1e19a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F41BF71104644AFDB205F389C88BBD3FA5BB56330F148655F9A29B2E7D7309C42EB60
                                                                                                                                                                                                                                                                                                                                                      Strings
Similarity
• API ID:
• String ID: .Q
• API String ID: 0-3049930668
• Opcode ID: 96dc7c2d1db751bda353c358a901cd92db1beba800c1833f992888c55c988da1
• Instruction ID: 6da3e753f1948f8d6232ba48cb20cf4995b2038a1201c7fded3c6a915562d8dc
• Opcode Fuzzy Hash: 96dc7c2d1db751bda353c358a901cd92db1beba800c1833f992888c55c988da1
• Instruction Fuzzy Hash: B4C1F479E04269AFDB11DFE8E849BADBFB4BF5A310F044099E415A73D2CB309941CB61
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0053F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00559717
• LoadStringW.USER32(00000000,?,0053F7F8,00000001), ref: 00559720
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0053F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00559742
• LoadStringW.USER32(00000000,?,0053F7F8,00000001), ref: 00559745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00559866
Strings
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 43c433c53bb4b13d46c55b43f255f3b7132ffd0fa7430491ea2c7145a44027d9
• Instruction ID: f03f92ffad9a2d6f2f674b398bd63f560f224ca3f423971fb2183cf3ea3d9f5b
• Opcode Fuzzy Hash: 43c433c53bb4b13d46c55b43f255f3b7132ffd0fa7430491ea2c7145a44027d9
• Instruction Fuzzy Hash: 7F414E7280021DAACF04FBA1CD96EFE7B78AF54745F10042AFA0572091EB396F48CB65
APIs
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 005507A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 005507BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 005507DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00550804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0055082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00550837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0055083C
Strings
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 4052af2a181ef8203d98faf10f09ea47f43acac36e9ba5a6cbb93b06630fd1c1
• Instruction ID: b89f2ded6ca2e09304887ac73aa7bfdb65c8e44e04996d91e9cb79030f7090d3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4052af2a181ef8203d98faf10f09ea47f43acac36e9ba5a6cbb93b06630fd1c1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F541197181022DABDF15EF95DC95DFDBB78BF04384F04412AE901A31A0EB34AD18CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00573C5C
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00573C8A
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00573C94
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00573D2D
                                                                                                                                                                                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 00573DB1
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00573ED5
                                                                                                                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00573F0E
                                                                                                                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,0058FB98,?), ref: 00573F2D
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00573F40
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00573FC4
                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00573FD8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d6ef8145e5a39745aa39872aae023a50513b0fd1e7fd72c15f398bf16809ce3e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c8d6e5a74afe0695ae56108ac887bb82ed4813b881fe312eaa3445f5689b81a8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6ef8145e5a39745aa39872aae023a50513b0fd1e7fd72c15f398bf16809ce3e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61C168716083059FD700DF68D88492BBBE9FF89798F10891DF98A9B250D731EE05EB52
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00567AF3
                                                                                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00567B8F
                                                                                                                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 00567BA3
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0058FD08,00000000,00000001,005B6E6C,?), ref: 00567BEF
                                                                                                                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00567C74
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 00567CCC
                                                                                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00567D57
                                                                                                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00567D7A
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00567D81
                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00567DD6
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00567DDC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7c00c7c2e7a2c9dc3afe71e46af2fea8dbefe29e9d7ce2998be90fa7275d8dcc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5580905e1ad418c0731f0704c5639c55bad287c87dcd94b641da7d33f3dc1623
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c00c7c2e7a2c9dc3afe71e46af2fea8dbefe29e9d7ce2998be90fa7275d8dcc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69C12C75A04109AFDB14DFA4C884DAEBBF9FF48308B148499E919EB361D734EE45CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00585504
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00585515
                                                                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(00000158), ref: 00585544
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00585585
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0058559B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005855AC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: e41c9a12a0f2df1c1f84553764bc2c996838cb50e0c9db0274193560bc1afdbe
• Instruction ID: 42745b04112eaceb1a2295a11612348d0051d403b9466b2bbae39519b7a54e72
• Opcode Fuzzy Hash: e41c9a12a0f2df1c1f84553764bc2c996838cb50e0c9db0274193560bc1afdbe
• Instruction Fuzzy Hash: EF618A30900609ABDF11AFA5CC85AFE7FB9FF09321F104555FD25BA2A0E7748A84DB60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0054FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0054FB08
• VariantInit.OLEAUT32(?), ref: 0054FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0054FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0054FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0054FBA1
• VariantClear.OLEAUT32(?), ref: 0054FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0054FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0054FBCC
• VariantClear.OLEAUT32(?), ref: 0054FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0054FBE9
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: d30bfae2090720c6d33ed5f6364942a74664e344f5da4152ac1834491f151cf6
• Instruction ID: 14ef363ed0d7c7d8392ce246e92bd0a1c8cb8720e3406a8e5070852733e0b5c8
• Opcode Fuzzy Hash: d30bfae2090720c6d33ed5f6364942a74664e344f5da4152ac1834491f151cf6
• Instruction Fuzzy Hash: 17415F35A002199FCF00DF68D858DEEBFB9FF58349F008069E905A7261DB30A945DBA0
APIs
• GetKeyboardState.USER32(?), ref: 00559CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00559D22
• GetKeyState.USER32(000000A0), ref: 00559D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00559D57
• GetKeyState.USER32(000000A1), ref: 00559D6C
• GetAsyncKeyState.USER32(00000011), ref: 00559D84
• GetKeyState.USER32(00000011), ref: 00559D96
• GetAsyncKeyState.USER32(00000012), ref: 00559DAE
• GetKeyState.USER32(00000012), ref: 00559DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00559DD8
• GetKeyState.USER32(0000005B), ref: 00559DEA
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: cc5bac603b5b1c48ed66c741de47e60e680be53e9a7d56faba04111d2c374b8f
• Instruction ID: b131d0a18d2adf2eee566e6cfffe4f82201d46d02aa55d3ea4681ca127e4720a
• Opcode Fuzzy Hash: cc5bac603b5b1c48ed66c741de47e60e680be53e9a7d56faba04111d2c374b8f
• Instruction Fuzzy Hash: 0B4196345047C9A9FF31966488253B5BEB07F21345F08805BDEC65A5C2EBADADCCC7A2
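Added example, not part of the Joe Sandbox report or of the analysed sample: a small Python triage helper that parses API lists in the format used on this page, decodes the hex arguments that carry meaning (the virtual-key code passed to GetAsyncKeyState/GetKeyState, the ReplySize and Timeout arguments of IcmpSendEcho, the WinSock version requested by WSAStartup) and tags each function with a capability. The embedded input text is constructed from the three API lists on this page (the SafeArray/Variant function and the keyboard-state function above, and the ICMP function that follows); VK_NAMES covers only modifier keys, and the tag names are my own, not Joe Sandbox signature names.

```python
"""Capability tagging for Joe Sandbox per-function API lists (added example, not report code)."""
import re

# Constructed input: the three "APIs" lists from this report, copied verbatim.
SAMPLE_REPORT = """\
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0054FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0054FB08
• VariantInit.OLEAUT32(?), ref: 0054FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0054FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0054FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0054FBA1
• VariantClear.OLEAUT32(?), ref: 0054FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0054FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0054FBCC
APIs
• GetKeyboardState.USER32(?), ref: 00559CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00559D22
• GetKeyState.USER32(000000A0), ref: 00559D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00559D57
• GetAsyncKeyState.USER32(00000011), ref: 00559D84
• GetAsyncKeyState.USER32(00000012), ref: 00559DAE
• GetAsyncKeyState.USER32(0000005B), ref: 00559DD8
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 005705BC
• inet_addr.WSOCK32(?), ref: 0057061C
• gethostbyname.WSOCK32(?), ref: 00570628
• IcmpCreateFile.IPHLPAPI ref: 00570636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005706C6
• IcmpCloseHandle.IPHLPAPI(?), ref: 005707B9
• WSACleanup.WSOCK32 ref: 005707BF
"""

API_LINE = re.compile(
    r"•\s*(?P<api>\w+)\.(?P<dll>\w+)"      # GetAsyncKeyState.USER32
    r"(?:\((?P<args>[^)]*)\))?,?\s*"        # optional "(arg,arg,...)" plus trailing comma
    r"ref:\s*(?P<ref>[0-9A-Fa-f]{8})"       # call-site address
)

# Modifier virtual-key codes only (enough for this page); extend for other samples.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0x5C: "VK_RWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
            0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU"}
MODIFIERS = set(VK_NAMES.values())


def parse_args(raw):
    """'0000000C,?,?' -> [12, None, None]; '?' is an argument the sandbox could not resolve."""
    if not raw:
        return []
    return [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]


def parse_entries(text):
    """Split the text at each 'APIs' header and parse the bullet lines beneath it."""
    entries = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            entries.append([])
            continue
        m = API_LINE.search(line)
        if m and entries:
            entries[-1].append({"api": m["api"], "dll": m["dll"],
                                "args": parse_args(m["args"]), "ref": m["ref"]})
    return entries


def summarize(calls):
    """Tag one function with the capabilities its API chain implies."""
    apis = {c["api"] for c in calls}
    s = {"first_ref": calls[0]["ref"] if calls else None, "tags": [], "keys": []}

    # Keyboard polling: decode the virtual-key code handed to Get(Async)KeyState.
    for c in calls:
        if c["api"] in ("GetAsyncKeyState", "GetKeyState") and c["args"] and c["args"][0] is not None:
            name = VK_NAMES.get(c["args"][0], "VK_0x%02X" % c["args"][0])
            if name not in s["keys"]:
                s["keys"].append(name)
    if s["keys"] or "GetKeyboardState" in apis:
        s["tags"].append("keyboard-state-polling")
        # Only modifiers polled -> consistent with hotkey handling, not character capture.
        s["modifier_only"] = bool(s["keys"]) and all(k in MODIFIERS for k in s["keys"])

    # ICMP probe: IcmpSendEcho(handle, dest, data, size, options, replybuf, ReplySize, Timeout).
    for c in calls:
        if c["api"] == "IcmpSendEcho" and len(c["args"]) == 8:
            s["tags"].append("icmp-echo-probe")
            s["icmp_reply_size"], s["icmp_timeout_ms"] = c["args"][6], c["args"][7]
            break
    for c in calls:
        if c["api"] == "WSAStartup" and c["args"] and c["args"][0] is not None:
            v = c["args"][0]  # wVersionRequested: low byte = major, high byte = minor
            s["winsock_version"] = "%d.%d" % (v & 0xFF, (v >> 8) & 0xFF)

    # COM marshalling: SafeArray plus Variant handling, typical of scripting runtimes.
    if any(a.startswith("SafeArray") for a in apis) and any(a.startswith("Variant") for a in apis):
        s["tags"].append("com-safearray-marshalling")
    return s


def analyze_report(text):
    """Return one capability summary per 'APIs' block in the report text."""
    return [summarize(e) for e in parse_entries(text)]


if __name__ == "__main__":
    for s in analyze_report(SAMPLE_REPORT):
        print(s["first_ref"], s["tags"], s["keys"],
              s.get("icmp_timeout_ms"), s.get("winsock_version"))
```

Run against the lists on this page, the keyboard function decodes to VK_LSHIFT, VK_RSHIFT, VK_CONTROL, VK_MENU (Alt) and VK_LWIN: every polled code is a modifier, so on its own this chain is consistent with hotkey or modifier handling rather than capture of typed characters, and the "retrieve information about pressed keystrokes" signature in the summary should be weighted accordingly. The ICMP function requests WinSock 1.1 (0x0101), sends echo requests with a 41-byte reply buffer (0x29) and a 4000 ms timeout (0xFA0), and tears down cleanly, which reads as a reachability probe. Because the report rates the binary as a likely compiled AutoIt script, API chains like these may come from the AutoIt runtime's built-in functions rather than from the script's own logic; confirm against the extracted script before treating them as attacker behaviour.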
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 005705BC
• inet_addr.WSOCK32(?), ref: 0057061C
• gethostbyname.WSOCK32(?), ref: 00570628
• IcmpCreateFile.IPHLPAPI ref: 00570636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005706C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005706E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 005707B9
• WSACleanup.WSOCK32 ref: 005707BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7bf34d62f3b4dc36a5b38fe801d18f66891c9d6a6ebee2f4a792b17396ff0b06
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c6abc6d48119ac8fcd75b7c1705ba48c759875c691844fefb77987c6fcb9ef0a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7bf34d62f3b4dc36a5b38fe801d18f66891c9d6a6ebee2f4a792b17396ff0b06
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1917835604201EFD324DF15E888B2ABFE0FB84318F14D9A9E4699B6A2C734EC45DF91
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: a9429416473a91c52f00b81e539bf3149808cba801a1a074082f90ebf3bfca30
• Instruction ID: ed6bd85abf77e9c0e31a6fdc358977a95cfa3f2dbe234a835ca559eeeabe48a2
• Opcode Fuzzy Hash: a9429416473a91c52f00b81e539bf3149808cba801a1a074082f90ebf3bfca30
• Instruction Fuzzy Hash: A851D731A405169BCF24DF6CD8449BEBBA5BF64324B20822AE92AE73C4DF34DD40D790
APIs
• CoInitialize.OLE32 ref: 00573774
• CoUninitialize.OLE32 ref: 0057377F
• CoCreateInstance.OLE32(?,00000000,00000017,0058FB78,?), ref: 005737D9
• IIDFromString.OLE32(?,?), ref: 0057384C
• VariantInit.OLEAUT32(?), ref: 005738E4
• VariantClear.OLEAUT32(?), ref: 00573936
Strings
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: 59f4e1019291eae4d6ecaa4e06380659b03697400560f20206a787e40ece4083
• Instruction ID: 34559812fad19817e97ccffae11e22d64f890a17626576f4ff593f42f6d5c86c
• Opcode Fuzzy Hash: 59f4e1019291eae4d6ecaa4e06380659b03697400560f20206a787e40ece4083
• Instruction Fuzzy Hash: 97618F71608301AFD310DF54D849B6ABFE4FF88725F108809F98997291D770EE48EB92
APIs
• GetLocalTime.KERNEL32(?), ref: 00568257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00568267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00568273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00568310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00568324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00568356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0056838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00568395
Strings
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 6f5aee77c3f8542bb3ceb5934a6fd9030165e7a2abd808d92e02e6e3bb2f2113
• Instruction ID: 189874d7f63183032d5eea7b7837cf07e754c93e79a8c5c9656aaf366a0bf6ab
• Opcode Fuzzy Hash: 6f5aee77c3f8542bb3ceb5934a6fd9030165e7a2abd808d92e02e6e3bb2f2113
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9617BB25043059FCB10EF60C8549AEBBE9FF89314F044D1EF98997251DB35E949CBA2
APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
  • Part of subcall function 0050912D: GetCursorPos.USER32(?), ref: 00509141
  • Part of subcall function 0050912D: ScreenToClient.USER32(00000000,?), ref: 0050915E
  • Part of subcall function 0050912D: GetAsyncKeyState.USER32(00000001), ref: 00509183
  • Part of subcall function 0050912D: GetAsyncKeyState.USER32(00000002), ref: 0050919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00588B6B
• ImageList_EndDrag.COMCTL32 ref: 00588B71
• ReleaseCapture.USER32 ref: 00588B77
• SetWindowTextW.USER32(?,00000000), ref: 00588C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00588C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00588CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID$p#\
• API String ID: 1924731296-509227506
• Opcode ID: d0d8a3fabe29188735c18bfe15b921bdb817c9564a1e7bb494ad9bd6bf8a4dd2
• Instruction ID: 099e4ddbd3ac63e6fe2c8d05728404717f99073b2f5f175e39f25c9660c825f5
• Opcode Fuzzy Hash: d0d8a3fabe29188735c18bfe15b921bdb817c9564a1e7bb494ad9bd6bf8a4dd2
• Instruction Fuzzy Hash: BB517A70104204AFD700EF15D85AFBA7BE4FB88754F40062DF9966B2E2DB709D08CB66
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 005633CF
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 005633F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: 2b05e2d838219a7fce2ee2bbc383f55477ca7f7e0aa3d607993222c65d512da0
• Instruction ID: 9fb4c37eed298fa812c72c154c02b8a8053efeb5dfe0319716366f020cd6d588
• Opcode Fuzzy Hash: 2b05e2d838219a7fce2ee2bbc383f55477ca7f7e0aa3d607993222c65d512da0
• Instruction Fuzzy Hash: EC51DD7180060AAADF15EBA1CD46EFEBB78BF14745F10406AF90573092EB392F58DB64
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: e84d0ea8d70d819371183352bea71dc0c736316cab8177877a0324ec9e01ee84
• Instruction ID: ba937458e2c5cfbbc91b41b8ea8d08b40aafd3703e48544d7ae9f199bc812bea
• Opcode Fuzzy Hash: e84d0ea8d70d819371183352bea71dc0c736316cab8177877a0324ec9e01ee84
• Instruction Fuzzy Hash: 5A41D632A000279ADB105F7DC8A45BE7FA5FFA0795B24422BEC21D7284E735CD85C790
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 005653A0
                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00565416
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00565420
                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 005654A7
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ca8dc4ca98fc7dced15ed36968d219e2a1d224faed69b3194b7caf9febd90ec0
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: faf0595bdb58ef6fef62e8f84f5dda677431af649ee32a30c620c53db27b9384
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca8dc4ca98fc7dced15ed36968d219e2a1d224faed69b3194b7caf9febd90ec0
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F731B535A405059FCB10DF68C484BAA7FB4FF44306F1484A9E505DB252EF75DD86CB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateMenu.USER32 ref: 00583C79
                                                                                                                                                                                                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 00583C88
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00583D10
                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00583D24
                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00583D2E
                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00583D5B
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00583D63
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4bb00fcb1404dd742483245f0b78d0f32b2821df47c6b3da7431d22426489ef9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 62e4f9aa0be3b3c214dd7ec8a6cdde9788d0bedc0c0db694e4f348a6c7b382a8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bb00fcb1404dd742483245f0b78d0f32b2821df47c6b3da7431d22426489ef9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B418875A02209AFDF14DF64E884EAA7FB5FF49340F144029ED46A7360D730AA14DBA4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00583A9D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00583AA0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00583AC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00583AEA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00583B62
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00583BAC
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00583BC7
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00583BE2
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00583BF6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00583C13
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5bb917554b509d280f9e678af95026b7f13d50b7005db11dc995eb79f892fa4b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ee436d0433da57165a14457d837fb46dceb41c6f51009a4a6ab4735138f8f821
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bb917554b509d280f9e678af95026b7f13d50b7005db11dc995eb79f892fa4b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76615C75900248AFDB10EFA8CC81EEE7BB8FF49700F104199FA15AB292D774AE45DB54
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0055B151
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B165
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 0055B16C
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B17B
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 0055B18D
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B1A6
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B1B8
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B1FD
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B212
                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0055A1E1,?,00000001), ref: 0055B21D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9d44ec63ee9a565eca5262de9d61329fe488dd975158048a67929d665cb057fa
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a5382adca7ba437c52653b1b37c6324fe800e785867d0785d9d509802b7dd2bc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d44ec63ee9a565eca5262de9d61329fe488dd975158048a67929d665cb057fa
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC318C76500A08AFEB109F64EC5CFAD7FA9BB61312F108056FE01E6190E7B49A48DF70
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522C94
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000), ref: 005229DE
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000,00000000), ref: 005229F0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CA0
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CAB
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CB6
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CC1
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CCC
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CD7
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CE2
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CED
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00522CFB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a5d198dcbc767c780b88cc20dc6b389015d93b1cb79568ffbf604fc41185d4c8
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 010a45b88fce28c24a2e6ab07e861a3b683559a0f24b402d7310d0b2b5a2d983
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5d198dcbc767c780b88cc20dc6b389015d93b1cb79568ffbf604fc41185d4c8
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D11967A100119BFCB02EF54E986CDD3FA5FF4A350F8144A5F9485B262D631EE909B90
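The function summaries in this part of the report share one layout: an `APIs` list (subcalls indented under the caller), then a `Similarity` record whose `API ID` is a compact key built from the API names. The first summary is worth a closer look for this sample: GetForegroundWindow, GetWindowThreadProcessId and repeated AttachThreadInput calls are the standard way a process attaches itself to the foreground window's input queue to defeat the Windows foreground-lock and force focus or input, the approach AutoIt's window-activation routines are known to use, which fits the AutoIt and Credential Flusher detections listed for this sample. The following Python is an added example, not code from the Joe Sandbox report or tool: it parses `APIs` lists into per-function call lists, flags that focus-hijack chain, and reconstructs the `API ID` by splitting each API name on CamelCase boundaries, dropping a stopword set, counting tokens, grouping by count (descending), sorting alphabetically inside a group and joining groups with `$`. The stopword set `{Get, Set, Rtl, Id, To, DC, W}` and the tie-break rule are inferred from the three IDs on this page and are assumptions, not Joe Sandbox documentation; the sample input is constructed from the API lines in these summaries with argument lists shortened.

```python
# Parse Joe Sandbox per-function API summaries, flag the AttachThreadInput
# focus-hijack chain, and reconstruct the report's "API ID" similarity key.
# Added example, not Joe Sandbox code; STOPWORDS and the tie-break rule are
# inferred from the three API IDs on this page (assumption).
import re
from collections import Counter

# Constructed sample: APIs lines copied from three function summaries in this
# report, argument lists shortened. Not an official Joe Sandbox export format.
SAMPLE_REPORT = """\
APIs
• GetCurrentThreadId.KERNEL32 ref: 0055B151
• GetForegroundWindow.USER32(00000000,?,?), ref: 0055B165
• GetWindowThreadProcessId.USER32(00000000), ref: 0055B16C
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 0055B17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0055B18D
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0055B1A6
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 0055B1B8
• AttachThreadInput.USER32(00000000,00000000,?), ref: 0055B1FD
• AttachThreadInput.USER32(?,?,00000000), ref: 0055B212
• AttachThreadInput.USER32(00000000,?,00000000), ref: 0055B21D
Memory Dump Source
APIs
• _free.LIBCMT ref: 00522C94
  • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000), ref: 005229DE
  • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000), ref: 005229F0
• _free.LIBCMT ref: 00522CA0
• _free.LIBCMT ref: 00522CAB
• _free.LIBCMT ref: 00522CB6
• _free.LIBCMT ref: 00522CC1
• _free.LIBCMT ref: 00522CCC
• _free.LIBCMT ref: 00522CD7
• _free.LIBCMT ref: 00522CE2
• _free.LIBCMT ref: 00522CED
• _free.LIBCMT ref: 00522CFB
Memory Dump Source
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 004F5C7A
  • Part of subcall function 004F5D0A: GetClientRect.USER32(?,?), ref: 004F5D30
  • Part of subcall function 004F5D0A: GetWindowRect.USER32(?,?), ref: 004F5D71
  • Part of subcall function 004F5D0A: ScreenToClient.USER32(?,?), ref: 004F5D99
• GetDC.USER32 ref: 005346F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00534708
• SelectObject.GDI32(00000000,00000000), ref: 00534716
• SelectObject.GDI32(00000000,00000000), ref: 0053472B
• ReleaseDC.USER32(?,00000000), ref: 00534733
• MoveWindow.USER32(?,?,?,?), ref: 005347C4
Strings
Memory Dump Source
"""

# One API line: indent, bullet, optional "Part of subcall function XXXX:" prefix,
# then Name.MODULE; arguments and the ref address are ignored.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?([A-Za-z_]\w*)\.(\w+)"
)
# CamelCase splitter: all-caps runs not followed by lowercase (DC, W) or Capitalized words.
TOKEN_RE = re.compile(r"[A-Z]+(?![a-z])|[A-Z][a-z]+")
# Tokens absent from every API ID on this page. Inferred, not documented (assumption).
STOPWORDS = {"Get", "Set", "Rtl", "Id", "To", "DC", "W"}
# Foreground window -> its thread id -> AttachThreadInput: the foreground-lock bypass.
FOCUS_HIJACK = {"GetForegroundWindow", "GetWindowThreadProcessId", "AttachThreadInput"}


def parse_functions(report: str) -> list:
    """Return one list of API names (subcalls included) per 'APIs' section."""
    functions, current = [], None
    for line in report.splitlines():
        head = line.strip()
        if head == "APIs":
            current = []
            functions.append(current)
        elif head in ("Strings", "Memory Dump Source"):
            current = None  # end of this function's API list
        elif current is not None:
            m = CALL_RE.match(line)
            if m:
                current.append(m.group(1))
    return functions


def tokens(api: str) -> list:
    """Split an API name into the tokens the ID is built from."""
    if api.startswith("_") or api.islower():  # CRT names such as _free stay whole
        return [api]
    return [t for t in TOKEN_RE.findall(api) if t not in STOPWORDS]


def api_id(apis: list) -> str:
    """Tokens grouped by count (descending), alphabetical inside a group, '$'-joined."""
    counts = Counter(t for api in apis for t in tokens(api))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def analyze(report: str) -> list:
    """Per function: its calls, the reconstructed API ID, and a focus-hijack flag."""
    return [
        {"apis": apis, "api_id": api_id(apis), "focus_hijack": FOCUS_HIJACK.issubset(apis)}
        for apis in parse_functions(report)
    ]


if __name__ == "__main__":
    for i, f in enumerate(analyze(SAMPLE_REPORT)):
        print(f"function {i}: {len(f['apis'])} calls, API ID {f['api_id']}"
              + (", FOCUS HIJACK" if f["focus_hijack"] else ""))
```

Because the key is rebuilt from the call list alone, the same function can be computed from your own disassembly and compared against the `API ID` fields of other reports; the focus-hijack flag is the triage signal that separates the first summary from ordinary CRT cleanup and GUI layout code like the other two.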
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 004F5C7A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F5D0A: GetClientRect.USER32(?,?), ref: 004F5D30
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F5D0A: GetWindowRect.USER32(?,?), ref: 004F5D71
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F5D0A: ScreenToClient.USER32(?,?), ref: 004F5D99
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32 ref: 005346F5
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00534708
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00534716
                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0053472B
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00534733
                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 005347C4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 794c9b0474d704569bbe7093fa6083cc2830563c807033a9e7730d7c15499925
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8de1d77d7b733ead68d2e19d6e49ac8bd1d17e334fd63fcdfb760a877a12e25d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 794c9b0474d704569bbe7093fa6083cc2830563c807033a9e7730d7c15499925
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2671F331400609DFCF218F64CD85ABA7FB5FF4A354F14426AEE566A2A6C334AC42DF60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005635E4
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(005C2390,?,00000FFF,?), ref: 0056360A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c6c496e2f210f4c3b1ca2af1b084f7e4842069fe9ba004b3469efebedc0ba805
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f6442a95998ad63d9252d9d26f2fb5afda2e1ff4a076e4e6d5696c26a406a1c5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6c496e2f210f4c3b1ca2af1b084f7e4842069fe9ba004b3469efebedc0ba805
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB517F7180060AAADF15EBA1CC42EFDBF74FF14745F14412AF60572191DB342B98DB64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0056C272
                                                                                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0056C29A
                                                                                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0056C2CA
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0056C322
                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 0056C336
                                                                                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0056C341
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e7cd2fbdec0e8b9d7057c99520b84a60a7e2243a3ac4c91f1ae6e7c3020fc7dc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bff40205b03fada04bab52b6e7e18ab1b1714d34847ff1b37f3178b2a88d4de8
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7cd2fbdec0e8b9d7057c99520b84a60a7e2243a3ac4c91f1ae6e7c3020fc7dc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01315AB1600208AFD7219F649888ABB7FFCFB59744B10891EA886E7200DB34DD089B70
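The APIs lines in this and the other function records on this page carry their arguments as raw hex, so the meaning of a call such as HttpQueryInfoW with 00000005, or MessageBoxW with 00011010, has to be looked up by hand. The following Python is an added example, not part of the Joe Sandbox report: it parses report lines of that shape into structured records and resolves the arguments that are documented Win32 constants (info levels from wininet.h, window messages and the MessageBox uType bit fields from winuser.h; the tables cover only the values listed). The sample input is copied from this page's records; a "?" argument is one the sandbox could not recover statically.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function record and resolve the
raw hex arguments that are well-known Win32 constants."""
import re
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional

# One report line: "• Api.MODULE(arg,arg,...), ref: ADDR" or, for a call attributed to a
# callee, "• Part of subcall function ADDR: Api.MODULE ref: ADDR".
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# winuser.h MessageBox uType: buttons (0x0F), icon (0xF0), default button (0xF00),
# modality (0x3000) and the single-bit options above those fields.
MB_BUTTONS = {0: "MB_OK", 1: "MB_OKCANCEL", 2: "MB_ABORTRETRYIGNORE", 3: "MB_YESNOCANCEL",
              4: "MB_YESNO", 5: "MB_RETRYCANCEL", 6: "MB_CANCELTRYCONTINUE"}
MB_FIELDS = (
    (0xF0, {0x10: "MB_ICONERROR", 0x20: "MB_ICONQUESTION", 0x30: "MB_ICONWARNING", 0x40: "MB_ICONINFORMATION"}),
    (0xF00, {0x100: "MB_DEFBUTTON2", 0x200: "MB_DEFBUTTON3", 0x300: "MB_DEFBUTTON4"}),
    (0x3000, {0x1000: "MB_SYSTEMMODAL", 0x2000: "MB_TASKMODAL"}),
)
MB_OPTIONS = {0x4000: "MB_HELP", 0x8000: "MB_NOFOCUS", 0x10000: "MB_SETFOREGROUND",
              0x20000: "MB_DEFAULT_DESKTOP_ONLY", 0x40000: "MB_TOPMOST", 0x80000: "MB_RIGHT",
              0x100000: "MB_RTLREADING", 0x200000: "MB_SERVICE_NOTIFICATION"}
# wininet.h HttpQueryInfo: info level in the low 28 bits, modifier flags in the high bits.
HTTP_QUERY = {0: "HTTP_QUERY_MIME_VERSION", 1: "HTTP_QUERY_CONTENT_TYPE", 5: "HTTP_QUERY_CONTENT_LENGTH",
              19: "HTTP_QUERY_STATUS_CODE", 20: "HTTP_QUERY_STATUS_TEXT", 21: "HTTP_QUERY_RAW_HEADERS",
              22: "HTTP_QUERY_RAW_HEADERS_CRLF"}
HTTP_QUERY_FLAGS = {0x10000000: "HTTP_QUERY_FLAG_SYSTEMTIME", 0x20000000: "HTTP_QUERY_FLAG_NUMBER",
                    0x40000000: "HTTP_QUERY_FLAG_COALESCE", 0x80000000: "HTTP_QUERY_FLAG_REQUEST_HEADERS"}
WM = {0x000C: "WM_SETTEXT", 0x000D: "WM_GETTEXT", 0x0010: "WM_CLOSE", 0x0100: "WM_KEYDOWN",
      0x0101: "WM_KEYUP", 0x0111: "WM_COMMAND", 0x0112: "WM_SYSCOMMAND", 0x0201: "WM_LBUTTONDOWN"}


def decode_messagebox_type(utype: int) -> List[str]:
    """Split a MessageBox uType into its named fields and options."""
    names = [MB_BUTTONS.get(utype & 0xF, f"MB_BUTTONS_{utype & 0xF:#x}")]
    for mask, table in MB_FIELDS:
        if utype & mask:
            names.append(table.get(utype & mask, f"UNKNOWN_{utype & mask:#x}"))
    names += [name for bit, name in MB_OPTIONS.items() if utype & bit]
    known = 0x3FFF | sum(MB_OPTIONS)
    if utype & ~known:
        names.append(f"UNKNOWN_{utype & ~known:#x}")
    return names


def decode_http_query(level: int) -> str:
    parts = [HTTP_QUERY.get(level & 0x0FFFFFFF, f"HTTP_QUERY_{level & 0x0FFFFFFF}")]
    parts += [name for bit, name in HTTP_QUERY_FLAGS.items() if level & bit]
    return " | ".join(parts)


def decode_window_message(msg: int) -> str:
    return WM.get(msg, f"WM_{msg:#06x}")


# api name -> {0-based argument index: decoder}
DECODERS: Dict[str, Dict[int, Callable[[int], Any]]] = {
    "MessageBoxW": {3: decode_messagebox_type},
    "HttpQueryInfoW": {1: decode_http_query},
    "SendMessageW": {1: decode_window_message},
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Any]
    ref: int
    decoded: Dict[int, Any] = field(default_factory=dict)


def parse_arg(token: str) -> Any:
    token = token.strip()
    if token == "?":                       # value not recovered by the sandbox
        return None
    if re.fullmatch(r"[0-9A-F]{8}", token):
        return int(token, 16)
    return token                           # string literal recovered from the binary


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.search(line)
    if not m:
        return None
    args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] is not None else []
    call = ApiCall(m["api"], m["module"], args, int(m["ref"], 16))
    for idx, decoder in DECODERS.get(call.api, {}).items():
        if idx < len(args) and isinstance(args[idx], int):
            call.decoded[idx] = decoder(args[idx])
    return call


def parse_report(text: str) -> List[ApiCall]:
    return [c for c in (parse_api_line(ln) for ln in text.splitlines()) if c]


# Lines copied from the function records on this page.
SAMPLE = """
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0056C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0056C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0056C2CA
• GetLastError.KERNEL32 ref: 0056C322
• SetEvent.KERNEL32(?), ref: 0056C336
• InternetCloseHandle.WININET(00000000), ref: 0056C341
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00533AAF,?,?,Bad directive syntax error,0058CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 005598BC
• LoadStringW.USER32(00000000,?,00533AAF,?), ref: 005598C3
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00559987
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0055214D
"""

if __name__ == "__main__":
    for c in parse_report(SAMPLE):
        print(f"{c.ref:08X} {c.module}!{c.api} {c.args} {c.decoded}")
```

Run stand-alone it prints one line per call; the HttpQueryInfoW record resolves to HTTP_QUERY_CONTENT_LENGTH, which together with the surrounding InternetOpenUrlW / SetEvent / InternetCloseHandle calls is the shape of a download routine that first asks the server for the body size, and the MessageBoxW record resolves to an error box (MB_ICONERROR, MB_SYSTEMMODAL, MB_SETFOREGROUND) consistent with the "Error:" format strings listed for that function.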
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00533AAF,?,?,Bad directive syntax error,0058CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 005598BC
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00533AAF,?), ref: 005598C3
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00559987
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                       • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 62b0f6c93f4fdfe42e5a6356cf39e3e9037c2183f9a8a7cbeb74798fcdd81243
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 41bbf9dfed33519cefdcacd38c688dacb20afd2cee4dc08439dd092e1d2677e0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62b0f6c93f4fdfe42e5a6356cf39e3e9037c2183f9a8a7cbeb74798fcdd81243
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB216F3180021EEBCF11EF90CC5AEED7B75BF14745F04442AFA15620A1EB79AA18DB20
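The record above shows the literal ">>>AUTOIT SCRIPT<<<" being passed to GetModuleHandleW, and the format strings "Line %d (File "%s"):" and "Error: " are the AutoIt runtime's own error reporting. That is worth keeping straight when triaging: those strings belong to the interpreter code and will be present in any AutoIt-built executable, so finding them proves the runtime, not that a script is embedded. The following Python is an added example, not part of the Joe Sandbox report: it scans a PE image for those runtime strings (ASCII and UTF-16LE) and for the 16-byte header of an embedded AutoIt3 script resource, and reports which section each hit falls in by walking the section table. The 16-byte magic is an assumption taken from public AutoIt unpacker documentation, not from this page, and should be confirmed against a known sample; the PE buffer the example scans is constructed inline and is not a real binary.

```python
"""Locate AutoIt indicators in a PE image and report the section each one lives in."""
import struct
from typing import Dict, List, Tuple

# Strings this report shows inside the AutoIt runtime code.
NAME_ASCII = b">>>AUTOIT SCRIPT<<<"
NAME_U16 = ">>>AUTOIT SCRIPT<<<".encode("utf-16-le")
ERR_FMT_U16 = 'Line %d (File "%s"):'.encode("utf-16-le")
# Header of an embedded AutoIt3 script resource. Assumption: value taken from public
# AutoIt unpacker documentation, not from this report; confirm against a known sample.
AU3_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530C86D6487D")

MARKERS: Dict[str, bytes] = {
    "AU3 script-resource magic": AU3_MAGIC,
    "script-entry name (ASCII)": NAME_ASCII,
    "script-entry name (UTF-16LE)": NAME_U16,
    "runtime error format (UTF-16LE)": ERR_FMT_U16,
}

Section = Tuple[str, int, int]   # (name, raw start, raw end) as file offsets
Hit = Tuple[str, int, str]       # (marker kind, file offset, location)


def pe_sections(data: bytes) -> List[Section]:
    """Read the section table; returns [] for anything that is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        return []
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]          # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]     # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    sections: List[Section] = []
    for i in range(nsec):
        if table + 40 * (i + 1) > len(data):
            break
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_ptr + raw_size))
    return sections


def locate(sections: List[Section], offset: int) -> str:
    """Name the section holding a file offset, or 'headers' / 'overlay' outside any section."""
    if not sections:
        return "n/a"
    for name, start, end in sections:
        if start <= offset < end:
            return name
    return "overlay" if offset >= max(end for _, _, end in sections) else "headers"


def find_markers(data: bytes) -> List[Hit]:
    sections = pe_sections(data)
    hits: List[Hit] = []
    for kind, pattern in MARKERS.items():
        pos = data.find(pattern)
        while pos >= 0:
            hits.append((kind, pos, locate(sections, pos)))
            pos = data.find(pattern, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def summarize(data: bytes) -> Dict[str, object]:
    hits = find_markers(data)
    # Name and format strings are literals of the runtime itself, so they only show the
    # AutoIt runtime is present; the resource magic is what indicates an embedded script.
    return {
        "hits": hits,
        "autoit_runtime_strings": any(k != "AU3 script-resource magic" for k, _, _ in hits),
        "likely_compiled_autoit": any(k == "AU3 script-resource magic" for k, _, _ in hits),
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for a PE file (not a real binary): minimal headers, a .text
    and a .rsrc section, and an overlay, with the markers planted at known offsets."""
    HDR, TEXT_PTR, TEXT_SIZE, RSRC_PTR, RSRC_SIZE = 0x400, 0x400, 0x200, 0x600, 0x400
    buf = bytearray(HDR)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                                  # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x102)  # IMAGE_FILE_HEADER
    struct.pack_into("<H", buf, 0x58, 0x10B)                                 # PE32 optional header magic
    table = 0x40 + 24 + 0xE0
    for i, (name, va, ptr, size) in enumerate([(b".text", 0x1000, TEXT_PTR, TEXT_SIZE),
                                               (b".rsrc", 0x2000, RSRC_PTR, RSRC_SIZE)]):
        struct.pack_into("<8sIIIIIIHHI", buf, table + 40 * i,
                         name, size, va, size, ptr, 0, 0, 0, 0, 0x40000040)
    text = bytearray(TEXT_SIZE)
    text[0x20:0x20 + len(ERR_FMT_U16)] = ERR_FMT_U16                         # file offset 0x420
    rsrc = bytearray(RSRC_SIZE)
    rsrc[0x10:0x10 + len(AU3_MAGIC)] = AU3_MAGIC                             # file offset 0x610
    rsrc[0x40:0x40 + len(NAME_ASCII)] = NAME_ASCII                           # file offset 0x640
    overlay = bytearray(0x100)
    overlay[8:8 + len(NAME_U16)] = NAME_U16                                  # file offset 0xA08
    return bytes(buf + text + rsrc + overlay)


if __name__ == "__main__":
    for kind, off, where in find_markers(build_sample_pe()):
        print(f"{off:#08x} {where:<8} {kind}")
```

To use it on a real file, pass `open(path, "rb").read()` to `summarize`; a hit for the magic in .rsrc or the overlay is the interesting one, while string-only hits are what any AutoIt-built binary, including the plain interpreter, will produce.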
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 005520AB
                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 005520C0
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0055214D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 268daed558611a6677929222a16830826c4505ecf7c227ca570ed2215b7167d6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ef5e9e5b67385a3f84463f5c2f63c8c112848645625a3a8a7e13c863cf4651fb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 268daed558611a6677929222a16830826c4505ecf7c227ca570ed2215b7167d6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A112776288B07BAF60562209C1BDE73F9CFF16325F201027FF05A40D1FE6168899B14
                                                                                                                                                                                                                                                                                                                                                      APIs
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: 3ee2bbf9a477e2bd04c2c78d903fa0a60918f833e73d9b6c714d71365b70f443
• Instruction ID: ef2b78d90c108d5a5594bcd345e99851ec0ea1192bd88f5eaabf87ffc3717944
• Opcode Fuzzy Hash: 3ee2bbf9a477e2bd04c2c78d903fa0a60918f833e73d9b6c714d71365b70f443
• Instruction Fuzzy Hash: 45614772904721AFDB21AFB4BD89A6E7FA5BF47310F04026DF905A72C2E6319D41D7A0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00585186
• ShowWindow.USER32(?,00000000), ref: 005851C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 005851CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 005851D1
  • Part of subcall function 00586FBA: DeleteObject.GDI32(00000000), ref: 00586FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0058520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0058521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0058524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00585287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00585296
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
• Opcode ID: 809cded524d96f7571e70b2f0fe09d90f4ba29c65eba0127d264ac7dc933cda4
• Instruction ID: 7298ee47408b1a327f57c2ecd3d812354bdef7df465ff79c3813233fb1bf281b
• Opcode Fuzzy Hash: 809cded524d96f7571e70b2f0fe09d90f4ba29c65eba0127d264ac7dc933cda4
• Instruction Fuzzy Hash: A751AF34A50A09BEEF20AF24CC4EBD83F65FB45321F144011FE56BA2E1EB75A994DB50
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00546890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 005468A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 005468B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 005468D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 005468F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00508874,00000000,00000000,00000000,000000FF,00000000), ref: 00546901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0054691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00508874,00000000,00000000,00000000,000000FF,00000000), ref: 0054692D
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0056C182
• GetLastError.KERNEL32 ref: 0056C195
• SetEvent.KERNEL32(?), ref: 0056C1A9
  • Part of subcall function 0056C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0056C272
  • Part of subcall function 0056C253: GetLastError.KERNEL32 ref: 0056C322
  • Part of subcall function 0056C253: SetEvent.KERNEL32(?), ref: 0056C336
  • Part of subcall function 0056C253: InternetCloseHandle.WININET(00000000), ref: 0056C341
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
APIs
  • Part of subcall function 00553A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00553A57
  • Part of subcall function 00553A3D: GetCurrentThreadId.KERNEL32 ref: 00553A5E
  • Part of subcall function 00553A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005525B3), ref: 00553A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 005525BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 005525DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 005525DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 005525E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00552601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00552605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 0055260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00552623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00552627
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00551449,?,?,00000000), ref: 0055180C
• HeapAlloc.KERNEL32(00000000,?,00551449,?,?,00000000), ref: 00551813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00551449,?,?,00000000), ref: 00551828
• GetCurrentProcess.KERNEL32(?,00000000,?,00551449,?,?,00000000), ref: 00551830
• DuplicateHandle.KERNEL32(00000000,?,00551449,?,?,00000000), ref: 00551833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00551449,?,?,00000000), ref: 00551843
• GetCurrentProcess.KERNEL32(00551449,00000000,?,00551449,?,?,00000000), ref: 0055184B
• DuplicateHandle.KERNEL32(00000000,?,00551449,?,?,00000000), ref: 0055184E
• CreateThread.KERNEL32(00000000,00000000,00551874,00000000,00000000,00000000), ref: 00551868
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c313e10c575205d6b2a9e9d469979a89eae6b49a0311402c85dce0402b62db20
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2ab21b36c8093d5196edc55d6b01a72bd1e70fbe59d3a3e51eb644a8a1fc209c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c313e10c575205d6b2a9e9d469979a89eae6b49a0311402c85dce0402b62db20
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F801A8B5240308BFE610ABA5DC8DF6B3FACEB99B11F005411FA05EB2A1DA719804DB30
APIs
  • Part of subcall function 0055D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0055D501
  • Part of subcall function 0055D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0055D50F
  • Part of subcall function 0055D4DC: CloseHandle.KERNEL32(00000000), ref: 0055D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0057A16D
• GetLastError.KERNEL32 ref: 0057A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0057A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0057A268
• GetLastError.KERNEL32(00000000), ref: 0057A273
• CloseHandle.KERNEL32(00000000), ref: 0057A2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: d70280232c5ab24bdf01e82608d0567f77c1c4745ff9daa9778c6586b6f0afc2
• Instruction ID: e3ac0d7f84090d0f27413adde95e6bc7ece611d955481d386ed379ed528282ca
• Opcode Fuzzy Hash: d70280232c5ab24bdf01e82608d0567f77c1c4745ff9daa9778c6586b6f0afc2
• Instruction Fuzzy Hash: 34618C35204242AFD710DF19D494F29BFA1BF94318F54C48CE86A8B6A3C776EC49DB92
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00583925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0058393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00583954
• _wcslen.LIBCMT ref: 00583999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 005839C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 005839F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 72bc5ea1137186df1b9b8de0cbfed1d23afc5f3ee038f49629924016027da893
• Instruction ID: df26690ccc0f10287d89e8d374f12374df7a0fba01ee95c3d21a2348ad2253ff
• Opcode Fuzzy Hash: 72bc5ea1137186df1b9b8de0cbfed1d23afc5f3ee038f49629924016027da893
• Instruction Fuzzy Hash: 6841A171A00219ABEB21AF64CC49FEA7FA9FF48750F100526F958F7281D7719A84CB94
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0055BCFD
• IsMenu.USER32(00000000), ref: 0055BD1D
• CreatePopupMenu.USER32 ref: 0055BD53
• GetMenuItemCount.USER32(018253A0), ref: 0055BDA4
• InsertMenuItemW.USER32(018253A0,?,00000001,00000030), ref: 0055BDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f0cf7964c9b63ca6dc91a24ae8ff81054a04db577de6613c06dfed0ad383b481
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bacd08cd6d5e4f4e4e8a44f4c9f57c471bdb2eeac0aaaf21b9dc8654432a4860
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0cf7964c9b63ca6dc91a24ae8ff81054a04db577de6613c06dfed0ad383b481
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6451AF70A002099BEF10CFA8D8ACBAEBFF4BF95316F14451AEC51E7290D7719948CB61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00512D4B
                                                                                                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00512D53
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00512DE1
                                                                                                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00512E0C
                                                                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00512E61
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                      • String ID: &HQ$csm
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1170836740-3952113351
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 12679fea1ebb813971813df84cc972156423dac9fa7e9a5a8eaa85fd2b40592c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0035aaa44fef48e89856006cc17398d7247a423b762a0035dc16955f89d5b125
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12679fea1ebb813971813df84cc972156423dac9fa7e9a5a8eaa85fd2b40592c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E841C634A00209AFDF10DF68D859ADEBFB5BF44324F148155E8146B392D731AEA6CBD0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 0055C913
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b0042f266f082b3388b2a862c047e6fd846f25c00bd05947b5bdcc779496583
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d68e84e1c5f0fbf48ed38829401603b9d0d3d6dae01cbd775e7a6264d7806301
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b0042f266f082b3388b2a862c047e6fd846f25c00bd05947b5bdcc779496583
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42113D32689307BFE7005B149C93CEA6FACFF15716B20002BFD00A62C2DB747D845664
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                      • String ID:
• API String ID: 952045576-0
• Opcode ID: 64ebdbda4f15e207ace82a1665ecfdd446f2f7ef6129edb4ddc3bdf4f719ab95
• Instruction ID: 2208ee58973c4c6f796c416478514749fbeb27ba00a4d5308826ebc515507af0
• Opcode Fuzzy Hash: 64ebdbda4f15e207ace82a1665ecfdd446f2f7ef6129edb4ddc3bdf4f719ab95
• Instruction Fuzzy Hash: 35418069C1021965DB11EBB4888F9CFBBBCBF85710F508466E924E3122EB34E395C7A5
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0054682C,00000004,00000000,00000000), ref: 0050F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0054682C,00000004,00000000,00000000), ref: 0054F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0054682C,00000004,00000000,00000000), ref: 0054F454
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 7c1877df8d7f36fe7566497a6c2a46137c8028821fcedd535a49f3e9b2268bb1
• Instruction ID: b04a459d046cad3db4961ca95c272064ca1c1fb0585987bd5d76ff0d58c2d3b3
• Opcode Fuzzy Hash: 7c1877df8d7f36fe7566497a6c2a46137c8028821fcedd535a49f3e9b2268bb1
• Instruction Fuzzy Hash: 6D412A31608680BEDB398F2DD88CB6E7F91BB96314F144C3DE48762DE1D631A885DB11
APIs
• DeleteObject.GDI32(00000000), ref: 00582D1B
• GetDC.USER32(00000000), ref: 00582D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00582D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00582D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00582D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00582D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00585A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00582DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00582DE1
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 21dd32bbd6f195b68a8652706f317063bd93affac5d98cb34cac2684038bbba7
• Instruction ID: 3d97e1aced6e0bc754b0bb03aae7b2adc2025ad77fb8aba002ababea8b388dbb
• Opcode Fuzzy Hash: 21dd32bbd6f195b68a8652706f317063bd93affac5d98cb34cac2684038bbba7
• Instruction Fuzzy Hash: 1B318B76201214BBEB119F548C8AFEB3FA9FF19751F044065FE08AE291D6759C45CBB0
APIs
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 9f48df24cea49bc33c6931360d103ff547a2107fcb87fcb5ece7237835458c09
• Instruction ID: 7bdde14fac3e6049a9f3f9d31768ef6a5724d478ba11c68d0d5e4286ab1842ba
• Opcode Fuzzy Hash: 9f48df24cea49bc33c6931360d103ff547a2107fcb87fcb5ece7237835458c09
• Instruction Fuzzy Hash: FF212C61744D0EB7E21465118DB2FFA3F5CBF54386F540422FE066A541F720EE1883A9
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 5cc6f94a26b7483e952855286b5da403d1641f6feb65c5d2596b2c14b2e496a7
• Instruction ID: f6c7f8505cc8f5d4dc8489fb9a07ab750ef98cec77471f24a39c528c912152c8
• Opcode Fuzzy Hash: 5cc6f94a26b7483e952855286b5da403d1641f6feb65c5d2596b2c14b2e496a7
• Instruction Fuzzy Hash: 5AD1E371A0060A9FDF10CFA8D884BAEBBB5FF48304F14C469E919AB291E7B0DD45DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,005317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 005315CE
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,005317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00531651
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,005317FB,?,005317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 005316E4
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,005317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 005316FB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00523820: RtlAllocateHeap.NTDLL(00000000,?,005C1444,?,0050FDF5,?,?,004FA976,00000010,005C1440,004F13FC,?,004F13C6,?,004F1129), ref: 00523852
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,005317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00531777
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 005317A2
                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 005317AE
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 06b79fddda4df28191284e037d1dd75029be1db08b7f53dff9b5e10727643871
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d8996ac19affbdbef217f4a5b1f9c4ebadf0e5c13710174426dd0768a56cf55b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06b79fddda4df28191284e037d1dd75029be1db08b7f53dff9b5e10727643871
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC91A271E00A169ADF218FB4C985AEE7FB5FF89310F184659E802E7281DB35DC44CB68
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5d45b518ab2d4a443306b8f7b6fe740828e0152f9ac57cc46b49afb639420f6f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 409a887adc2d1eb63a3a8315f633190dd9d072b6dc7136a4da63350d9f4bf8e3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d45b518ab2d4a443306b8f7b6fe740828e0152f9ac57cc46b49afb639420f6f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A919171A00219ABDF24CFA4D888FAEBFB8FF85710F108559F509AB280D7709941DFA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0056125C
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00561284
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 005612A8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005612D8
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0056135F
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005613C4
                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00561430
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 20b6c61e24f47453e81d4167acddd918ec1f60f6974f2a64dc3f4333541e852a
APIs
• VariantInit.OLEAUT32(?), ref: 0057396B
• CharUpperBuffW.USER32(?,?), ref: 00573A7A
• _wcslen.LIBCMT ref: 00573A8A
• VariantClear.OLEAUT32(?), ref: 00573C1F
  • Part of subcall function 00560CDF: VariantInit.OLEAUT32(00000000), ref: 00560D1F
  • Part of subcall function 00560CDF: VariantCopy.OLEAUT32(?,?), ref: 00560D28
  • Part of subcall function 00560CDF: VariantClear.OLEAUT32(?), ref: 00560D34
Strings
• String ID: AUTOIT.ERROR$Incorrect Parameter format
APIs
  • Part of subcall function 0055000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?,?,0055035E), ref: 0055002B
  • Part of subcall function 0055000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?), ref: 00550046
  • Part of subcall function 0055000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?), ref: 00550054
  • Part of subcall function 0055000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?), ref: 00550064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00574C51
• _wcslen.LIBCMT ref: 00574D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00574DCF
• CoTaskMemFree.OLE32(?), ref: 00574DDA
Strings
• String ID: NULL Pointer assignment
APIs
• GetMenu.USER32(?), ref: 00582183
• GetMenuItemCount.USER32(00000000), ref: 005821B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 005821DD
• _wcslen.LIBCMT ref: 00582213
• GetMenuItemID.USER32(?,?), ref: 0058224D
• GetSubMenu.USER32(?,?), ref: 0058225B
  • Part of subcall function 00553A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00553A57
  • Part of subcall function 00553A3D: GetCurrentThreadId.KERNEL32 ref: 00553A5E
  • Part of subcall function 00553A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005525B3), ref: 00553A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005822E3
  • Part of subcall function 0055E97B: Sleep.KERNEL32 ref: 0055E9F3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8adcc08990ebcc27a5b42e1f6aa79a718d6dd490969590ecd6765e963a46737c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f745c9378fa764344d7a8fe5ce7c9d1384b1d358e3844601da03f0d5462cf804
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8adcc08990ebcc27a5b42e1f6aa79a718d6dd490969590ecd6765e963a46737c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F714C75A00205AFCB14EF65C885AAEBFF5BF88314F148469E916FB351DB34A941CBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 0055AEF9
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 0055AF0E
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 0055AF6F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 0055AF9D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 0055AFBC
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 0055AFFD
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0055B020
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 44ce816090e194e86be5f31bb4cff7ddd7892013432d6a2532015cefa193e4a4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2f79d17ec346a98eafacd813a555e189f0e16a3f46c9cf48e60ac0838278f7a0
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44ce816090e194e86be5f31bb4cff7ddd7892013432d6a2532015cefa193e4a4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 085104A06043D13DFB3242348C69BBABEA96F06305F08858AE9D9554D3D398ACCCD361
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 0055AD19
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 0055AD2E
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 0055AD8F
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0055ADBB
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0055ADD8
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0055AE17
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0055AE38
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d64a938074b66d71ba86335b86d989875427caf28455e7bbe55e103e5a1fa8d2
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e243678e07a9c34d18f8413dfddd69b37db9465e8ec1bacfeaf0f32f5c91c2c5
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d64a938074b66d71ba86335b86d989875427caf28455e7bbe55e103e5a1fa8d2
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D15108A15047D53DFB3393348C66B7ABEA87B45302F08868AE9D5568C2D394EC8CD762
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(00533CD6,?,?,?,?,?,?,?,?,00525BA3,?,?,00533CD6,?,?), ref: 00525470
                                                                                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 005254EB
                                                                                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 00525506
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00533CD6,00000005,00000000,00000000), ref: 0052552C
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00533CD6,00000000,00525BA3,00000000,?,?,?,?,?,?,?,?,?,00525BA3,?), ref: 0052554B
                                                                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,00525BA3,00000000,?,?,?,?,?,?,?,?,?,00525BA3,?), ref: 00525584
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ab8f9c63cb740525c0e727126bc9d47ca444b41ad563a5281b79dfaaf0990ea6
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c4a0c4033cf1dd82cad9841fd81741100a9ed1a911799fd9e7fbcbc6be865c7c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab8f9c63cb740525c0e727126bc9d47ca444b41ad563a5281b79dfaaf0990ea6
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE51B171A006199FDB10CFA8E885AEEBFF9FF1A301F14451AF955E72D1E6309A41CB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057304E: inet_addr.WSOCK32(?), ref: 0057307A
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057304E: _wcslen.LIBCMT ref: 0057309B
                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006), ref: 00571112
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00571121
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 005711C9
                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 005711F9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6cd4e1b775ffed42966668538635dad0cb5bfe31128e12a3fdab2eda9a9d5f6a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9b0c1fb97e81a9590989159dd5157cb62bbf86167a8fbf757add90597752f32
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cd4e1b775ffed42966668538635dad0cb5bfe31128e12a3fdab2eda9a9d5f6a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30410331600608AFDB109F28D884BA9BFE9FF45328F54C059FD0AAF291C774AD45DBA5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0055CF22,?), ref: 0055DDFD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0055CF22,?), ref: 0055DE16
                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 0055CF45
                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 0055CF7F
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0055D005
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0055D01B
                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 0055D061
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 18843b0866532f8e2c0ee0e902c0542e9b00b9b77081304c47c43a10c210e064
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 799d8d923e72dd5e914bf7ff03680f90a3e7499909945f3354edc6e0a583ab7a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18843b0866532f8e2c0ee0e902c0542e9b00b9b77081304c47c43a10c210e064
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA4144719052195FDF12EBA4D995ADDBFB8BF48381F0000E7E905EB141EA34A788CB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00582E1C
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00582E4F
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00582E84
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00582EB6
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00582EE0
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00582EF1
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00582F0B
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 8f4c55b56e5e3c009d78baece423fe69addf12410e43a8c21c7597f32f1964bc
• Instruction ID: 1883cbe420c706ec1a571a4735707ef00f147405ea494dd17a19b3a282ebec61
• Opcode Fuzzy Hash: 8f4c55b56e5e3c009d78baece423fe69addf12410e43a8c21c7597f32f1964bc
• Instruction Fuzzy Hash: F3312430604640AFDB21EF19DC84F653FE8FBAA710F141165F900AF2B2CB71A848EB18
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00557769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0055778F
• SysAllocString.OLEAUT32(00000000), ref: 00557792
• SysAllocString.OLEAUT32(?), ref: 005577B0
• SysFreeString.OLEAUT32(?), ref: 005577B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 005577DE
• SysAllocString.OLEAUT32(?), ref: 005577EC
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: ad47ae4712c6b7f6f1392860c08c86b1680fa92982eb938517857e0580cecf67
• Instruction ID: b42665c6a2a3c05dc8c67a88e247d895d5440c25b10c0c2410fbb58cd674cdd6
• Opcode Fuzzy Hash: ad47ae4712c6b7f6f1392860c08c86b1680fa92982eb938517857e0580cecf67
• Instruction Fuzzy Hash: 92219F76614219AFDF10DFA8EC88CBA7BACFB0D3657048426BD14DB1A0D6709C498760
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00557842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00557868
• SysAllocString.OLEAUT32(00000000), ref: 0055786B
• SysAllocString.OLEAUT32 ref: 0055788C
• SysFreeString.OLEAUT32 ref: 00557895
• StringFromGUID2.OLE32(?,?,00000028), ref: 005578AF
• SysAllocString.OLEAUT32(?), ref: 005578BD
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 1e823dd03b4bcfdb65e99ebfb319251b7105a3179d350cb6040f32459befbbc3
• Instruction ID: 76d1660f988e9d83e28bcd7cbd61ee7558e0a86d6ae15cfc7313cb0c1dc93225
• Opcode Fuzzy Hash: 1e823dd03b4bcfdb65e99ebfb319251b7105a3179d350cb6040f32459befbbc3
• Instruction Fuzzy Hash: 09218131604118AFDF109BA8EC9CDAA7BACFB0C3617108126BD15DB2A1D670DC49CB74
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 005604F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0056052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 005605C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00560601
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 004F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004F604C
  • Part of subcall function 004F600E: GetStockObject.GDI32(00000011), ref: 004F6060
  • Part of subcall function 004F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004F606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00584112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0058411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0058412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00584139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00584145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
APIs
  • Part of subcall function 0052D7A3: _free.LIBCMT ref: 0052D7CC
• _free.LIBCMT ref: 0052D82D
  • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000), ref: 005229DE
  • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000,00000000), ref: 005229F0
• _free.LIBCMT ref: 0052D838
• _free.LIBCMT ref: 0052D843
• _free.LIBCMT ref: 0052D897
• _free.LIBCMT ref: 0052D8A2
• _free.LIBCMT ref: 0052D8AD
• _free.LIBCMT ref: 0052D8B8
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0055DA74
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 0055DA7B
                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0055DA91
                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 0055DA98
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0055DADC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 0055DAB9
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ee44e8acaf1f155411912a177c20a2926538283d0b8e2ad17ce737a0c472a15d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d2c2601c55b35c1a7ffa06019a5ec8632870077869c77148b81507dfd9d88921
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee44e8acaf1f155411912a177c20a2926538283d0b8e2ad17ce737a0c472a15d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC0162F25002087FEB10ABA4DD89EEB3A6CF708301F4014A6BB06F2041E6749E888F74
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0181E6B0,0181E6B0), ref: 0056097B
                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0181E690,00000000), ref: 0056098D
                                                                                                                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 0056099B
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 005609A9
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 005609B8
                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(0181E6B0,000001F6), ref: 005609C8
                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0181E690), ref: 005609CF
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8b343081d708f913b3d32a4e90cc828299d2a29f2252de6dea2a38be5577746f
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f4cbda73cab2cd8ffb0c1e5224cbe517bbe089c12e0b3fc7f8209d92167989da
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b343081d708f913b3d32a4e90cc828299d2a29f2252de6dea2a38be5577746f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9F01D31442902ABD7415B94EE8CAD67F25BF11712F403015F502618E0C7749469DFA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?), ref: 00571DC0
                                                                                                                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00571DE1
                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00571DF2
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(?), ref: 00571EDB
                                                                                                                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00571E8C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 005539E8: _strlen.LIBCMT ref: 005539F2
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00573224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0056EC0C), ref: 00573240
                                                                                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00571F35
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1c009ed779d4572ca3a3a6ebcfc315a97a60aed4960617d5857471f4185957bb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e718931263d1c0f4564ad6088b25149faa8b3e8f6cf58e65b691467263f5b84
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c009ed779d4572ca3a3a6ebcfc315a97a60aed4960617d5857471f4185957bb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5B1E070204700AFC324EF29D895E3A7BA9BF84318F54894CF55A5B2E2CB31ED45CBA5
APIs
• __allrem.LIBCMT ref: 005200BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005200D6
• __allrem.LIBCMT ref: 005200ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0052010B
• __allrem.LIBCMT ref: 00520122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00520140
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,005182D9,005182D9,?,?,?,0052644F,00000001,00000001,8BE85006), ref: 00526258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0052644F,00000001,00000001,8BE85006,?,?,?), ref: 005262DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 005263D8
• __freea.LIBCMT ref: 005263E5
  • Part of subcall function 00523820: RtlAllocateHeap.NTDLL(00000000,?,005C1444,?,0050FDF5,?,?,004FA976,00000010,005C1440,004F13FC,?,004F13C6,?,004F1129), ref: 00523852
• __freea.LIBCMT ref: 005263EE
• __freea.LIBCMT ref: 00526413
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
  • Part of subcall function 0057C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0057B6AE,?,?), ref: 0057C9B5
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057C9F1
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057CA68
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0057BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0057BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0057BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0057BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0057BDF3
• RegCloseKey.ADVAPI32(?), ref: 0057BDFF
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
APIs
• VariantInit.OLEAUT32(00000035), ref: 0054F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0054F860
• VariantCopy.OLEAUT32(0054FA64,00000000), ref: 0054F889
• VariantClear.OLEAUT32(0054FA64), ref: 0054F8AD
• VariantCopy.OLEAUT32(0054FA64,00000000), ref: 0054F8B1
• VariantClear.OLEAUT32(?), ref: 0054F8BB
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a2160bf8b15420bd58837f5ce6f00147f568e801ab4e1aa84b1dfb54dd136355
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8992eaee210485d61d0f3faec98c3d22d722b4e290d84537ede89ded14eb7014
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2160bf8b15420bd58837f5ce6f00147f568e801ab4e1aa84b1dfb54dd136355
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED51EA31A00311BACF24AF69D895BB9BBA4FF85318F145867E905DF291D7748C40C7A6
APIs
  • Part of subcall function 004F7620: _wcslen.LIBCMT ref: 004F7625
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 005694E5
• _wcslen.LIBCMT ref: 00569506
• _wcslen.LIBCMT ref: 0056952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00569585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 9f39ca898c17cf81ebdf3747623586824b8839df63c20fcb6926ec6ea07f15b2
• Instruction ID: 9bd1d210f22fee874e9a2ada4d1951cb8f26fc20652b2ab841e23469133d342b
• Opcode Fuzzy Hash: 9f39ca898c17cf81ebdf3747623586824b8839df63c20fcb6926ec6ea07f15b2
• Instruction Fuzzy Hash: 23E1B131604341DFD724EF25C485A6ABBE4FF85318F04896DF9899B2A2DB34DD05CB92
APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• BeginPaint.USER32(?,?,?), ref: 00509241
• GetWindowRect.USER32(?,?), ref: 005092A5
• ScreenToClient.USER32(?,?), ref: 005092C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 005092D3
• EndPaint.USER32(?,?,?,?,?), ref: 00509321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 005471EA
  • Part of subcall function 00509339: BeginPath.GDI32(00000000), ref: 00509357
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 9828885408a05f3f1fe63bd79c00f62e3230c4021dcf80c4041fee6bfb9d87bb
• Instruction ID: 312c4b34ef24f1227f7115fee108c68535016a792fffa24513f16abebf38a108
• Opcode Fuzzy Hash: 9828885408a05f3f1fe63bd79c00f62e3230c4021dcf80c4041fee6bfb9d87bb
• Instruction Fuzzy Hash: 84419D70104701AFD721DF24CC88FAA7FB8FB9A324F140629F994972E2C7719849EB61
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0056080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00560847
• EnterCriticalSection.KERNEL32(?), ref: 00560863
• LeaveCriticalSection.KERNEL32(?), ref: 005608DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 005608F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00560921
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3368777196-0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0054F3AB,00000000,?,?,00000000,?,0054682C,00000004,00000000,00000000), ref: 0058824C
• EnableWindow.USER32(?,00000000), ref: 00588272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 005882D1
• ShowWindow.USER32(?,00000004), ref: 005882E5
• EnableWindow.USER32(?,00000001), ref: 0058830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0058832F
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
APIs
• IsWindowVisible.USER32(?), ref: 00554C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00554CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00554CEA
• _wcslen.LIBCMT ref: 00554D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00554D10
• _wcsstr.LIBVCRUNTIME ref: 00554D1A
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004F3A97,?,?,004F2E7F,?,?,?,00000000), ref: 004F3AC2
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0056587B
                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00565995
                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0058FCF8,00000000,00000001,0058FB68,?), ref: 005659AE
                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 005659CC
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
APIs
  • Part of subcall function 00550FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00550FCA
  • Part of subcall function 00550FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00550FD6
  • Part of subcall function 00550FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00550FE5
  • Part of subcall function 00550FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00550FEC
  • Part of subcall function 00550FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00551002
• GetLengthSid.ADVAPI32(?,00000000,00551335), ref: 005517AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 005517BA
• HeapAlloc.KERNEL32(00000000), ref: 005517C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 005517DA
• GetProcessHeap.KERNEL32(00000000,00000000,00551335), ref: 005517EE
• HeapFree.KERNEL32(00000000), ref: 005517F5
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 005514FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00551506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00551515
• CloseHandle.KERNEL32(00000004), ref: 00551520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0055154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00551563
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
APIs
• GetLastError.KERNEL32(?,?,00513379,00512FE5), ref: 00513390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0051339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005133B7
• SetLastError.KERNEL32(00000000,?,00513379,00512FE5), ref: 00513409
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,00525686,00533CD6,?,00000000,?,00525B6A,?,?,?,?,?,0051E6D1,?,005B8A48), ref: 00522D78
• _free.LIBCMT ref: 00522DAB
• _free.LIBCMT ref: 00522DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0051E6D1,?,005B8A48,00000010,004F4F4A,?,?,00000000,00533CD6), ref: 00522DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0051E6D1,?,005B8A48,00000010,004F4F4A,?,?,00000000,00533CD6), ref: 00522DEC
• _abort.LIBCMT ref: 00522DF2
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
APIs
  • Part of subcall function 00509639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00509693
  • Part of subcall function 00509639: SelectObject.GDI32(?,00000000), ref: 005096A2
  • Part of subcall function 00509639: BeginPath.GDI32(?), ref: 005096B9
  • Part of subcall function 00509639: SelectObject.GDI32(?,00000000), ref: 005096E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00588A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00588A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00588A70
• LineTo.GDI32(?,00000000,00000003), ref: 00588A80
• EndPath.GDI32(?), ref: 00588A90
• StrokePath.GDI32(?), ref: 00588AA0
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
APIs
• GetDC.USER32(00000000), ref: 00555218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00555229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00555230
• ReleaseDC.USER32(00000000,00000000), ref: 00555238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0055524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00555261
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b0fffd8cdfed8e7b577af2c33f83dd6ca26c4f552ca8283a61674fe2a022ceb9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 62553dab48c5bcb0c8e40e46543be15a8df5c3cc0d58a37de8bb559c3bb5eb27
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0fffd8cdfed8e7b577af2c33f83dd6ca26c4f552ca8283a61674fe2a022ceb9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A014475A00715BBEB109BB69C49A5EBF78FF54751F044065FE04E7281D6709808DB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 004F1BF4
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 004F1BFC
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004F1C07
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004F1C12
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 004F1C1A
                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004F1C22
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2c022750fd6d047b42c91e1885be1b88a31f28640a1a03b022cad67b80377421
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0108bba8de721f999fc51ef1c4afd3888e957bfd08d65140bbe2fc876ca1a7bf
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c022750fd6d047b42c91e1885be1b88a31f28640a1a03b022cad67b80377421
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C4B941C7F5A868CBE5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0055EB30
                                                                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0055EB46
                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 0055EB55
                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0055EB64
                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0055EB6E
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0055EB75
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6b58f84c9dc21935ea9d302ef6dbbb374195e7f02cf1ecc05a5380cf1fbbc918
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7f565e3adc753139f8a0d5234090b01b07d85dcaea5d04c03637deee55234a8b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b58f84c9dc21935ea9d302ef6dbbb374195e7f02cf1ecc05a5380cf1fbbc918
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DF06D72100118BBE62057529C0EEAB3E7CEBDAB11F001168FA01E1091E7B01A09E7B4
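The two listings above are easier to read once the raw hex is decoded: the function at 004F1BF4..004F1C22 passes the modifier virtual-key codes VK_LWIN (0x5B), VK_SHIFT (0x10), VK_LSHIFT (0xA0), VK_RSHIFT (0xA1), VK_CONTROL (0x11) and VK_MENU (0x12) to MapVirtualKeyW with MAPVK_VK_TO_VSC (0), i.e. it builds scan codes for synthetic keystrokes; the function at 0055EB30..0055EB75 posts WM_CLOSE (0x10) to a window, retries it with SendMessageTimeoutW using SMTO_ABORTIFHUNG (0x2) and a 500 ms (0x1F4) timeout, resolves the owning process with GetWindowThreadProcessId, opens it with PROCESS_ALL_ACCESS (0x1F0FFF) and calls TerminateProcess. The following script is an added example for triaging such listings; it is not part of the report or of Joe Sandbox. It parses the "• Api.MODULE(args), ref: addr" line format, names the constants above, and applies two heuristic flags of its own; the KEY_LISTING and KILL_LISTING inputs are copied verbatim from the two listings, and the flag wording is the example's choice.

```python
"""Decode Joe Sandbox per-function "APIs" listings for triage (added example,
not part of the report or of Joe Sandbox)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Documented Win32 values for the argument positions decoded below.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
MSG_NAMES = {0x0010: "WM_CLOSE", 0x1328: "TCM_ADJUSTRECT"}
PROCESS_ALL_ACCESS = 0x1F0FFF
SMTO_ABORTIFHUNG = 0x0002
MESSAGE_APIS = ("PostMessageW", "SendMessageW", "SendMessageTimeoutW")

# One report line: "• Api.MODULE(arg,arg,...), ref: ADDRESS"
LINE_RE = re.compile(
    r"•\s*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# Sample input: the two listings from the report, copied verbatim.
KEY_LISTING = """
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 004F1BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 004F1BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 004F1C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 004F1C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 004F1C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004F1C22
"""
KILL_LISTING = """
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0055EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0055EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0055EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0055EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0055EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0055EB75
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report prints "?"
    ref: int                   # call-site address


def parse_listing(text: str) -> List[ApiCall]:
    """Turn a listing into ApiCall records, in report order; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = [a.strip() for a in m["args"].split(",") if a.strip()]
        args = [None if a == "?" else int(a, 16) for a in raw]
        calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16)))
    return calls


def describe(call: ApiCall) -> str:
    """Render a call with symbolic names where the argument position makes them unambiguous."""
    a = call.args
    names = ["?" if v is None else f"0x{v:X}" for v in a]
    if call.api == "MapVirtualKeyW" and len(a) >= 2 and a[0] in VK_NAMES:
        names[0] = VK_NAMES[a[0]]
        if a[1] == 0:
            names[1] = "MAPVK_VK_TO_VSC"
    elif call.api in MESSAGE_APIS and len(a) >= 2 and a[1] in MSG_NAMES:
        names[1] = MSG_NAMES[a[1]]
        if call.api == "SendMessageTimeoutW" and len(a) >= 6:
            if a[4] == SMTO_ABORTIFHUNG:
                names[4] = "SMTO_ABORTIFHUNG"
            if a[5] is not None:
                names[5] = f"{a[5]} ms"
    elif call.api == "OpenProcess" and a and a[0] == PROCESS_ALL_ACCESS:
        names[0] = "PROCESS_ALL_ACCESS"
    return f"{call.api}({', '.join(names)})"


def triage_flags(calls: List[ApiCall]) -> List[str]:
    """Heuristic pattern checks over one function's call sequence (the example's own heuristics)."""
    apis = [c.api for c in calls]
    flags = []
    sends_close = any(c.api in MESSAGE_APIS and len(c.args) > 1 and c.args[1] == 0x10
                      for c in calls)
    opens_full = any(c.api == "OpenProcess" and c.args and c.args[0] == PROCESS_ALL_ACCESS
                     for c in calls)
    if (sends_close and opens_full and "TerminateProcess" in apis
            and apis.index("TerminateProcess") > apis.index("OpenProcess")):
        flags.append("sends WM_CLOSE to a window, then terminates its owning process")
    modifiers = {c.args[0] for c in calls
                 if c.api == "MapVirtualKeyW" and c.args and c.args[0] in VK_NAMES}
    if len(modifiers) >= 3:
        flags.append("maps modifier keys (Shift/Ctrl/Alt/Win) to scan codes: keystroke synthesis set-up")
    return flags


if __name__ == "__main__":
    for listing in (KEY_LISTING, KILL_LISTING):
        calls = parse_listing(listing)
        for c in calls:
            print(f"{c.ref:08X}  {describe(c)}")
        for f in triage_flags(calls):
            print("  flag:", f)
```

OpenProcess takes three parameters and TerminateProcess two, yet the report prints many more values for them; those extra entries are whatever else was on the stack at the hook point, so the script keeps them as raw hex rather than naming them. The WM_CLOSE-then-TerminateProcess flag fires only when TerminateProcess follows OpenProcess in listing order, which keeps an unrelated cleanup function that merely closes handles from matching.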
APIs
• GetClientRect.USER32(?), ref: 00547452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00547469
• GetWindowDC.USER32(?), ref: 00547475
• GetPixel.GDI32(00000000,?,?), ref: 00547484
• ReleaseDC.USER32(?,00000000), ref: 00547496
• GetSysColor.USER32(00000005), ref: 005474B0
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: e3af4f1043fe3df8c50d2ada4e8b75e915d094d5c7b3c21c2dc90049da4f5ba8
• Instruction ID: 2a3ec8417a4dd379866d4a7ffa6f0073ae205b66c2dd13b8fb205bf13de5fdde
• Opcode Fuzzy Hash: e3af4f1043fe3df8c50d2ada4e8b75e915d094d5c7b3c21c2dc90049da4f5ba8
• Instruction Fuzzy Hash: 19017831400609EFDB105FA4EC08BEA7FB5FF18321F1014A0FD16A21A1CB311E45AB60
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0055187F
• UnloadUserProfile.USERENV(?,?), ref: 0055188B
• CloseHandle.KERNEL32(?), ref: 00551894
• CloseHandle.KERNEL32(?), ref: 0055189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 005518A5
• HeapFree.KERNEL32(00000000), ref: 005518AC
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146765662-0
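Reading the block above: a function that waits on a handle (WaitForSingleObject), then calls USERENV!UnloadUserProfile, then closes two handles and frees a heap block is consistent with the teardown half of a run-as-another-user routine, the behaviour behind the "execute programs as a different user" signature at the top of this report; the LoadUserProfile / CreateProcessWithLogonW half would sit in another function. The following Python is an added example, not part of the Joe Sandbox report or its plugin: it parses "APIs" entries in the report's own notation (direct calls and "Part of subcall function" entries alike) and applies that ordering check by call-site address. The sample lines are copied from this page; the field names, the rule and its threshold of "wait before unload" are the editor's assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the "APIs" entries of the function block above, copied in
# the report's own notation (bullet, API.MODULE(args), ref: call-site address).
SAMPLE_APIS = """
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0055187F
• UnloadUserProfile.USERENV(?,?), ref: 0055188B
• CloseHandle.KERNEL32(?), ref: 00551894
• CloseHandle.KERNEL32(?), ref: 0055189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 005518A5
• HeapFree.KERNEL32(00000000), ref: 005518AC
"""

# Constructed sample in the second shape the report uses: entries attributed to a
# callee ("Part of subcall function ...") and a CRT entry with no argument list.
SAMPLE_WITH_SUBCALLS = """
  • Part of subcall function 00510242: EnterCriticalSection.KERNEL32(005C070C,005C1884,?,?,0050198B,005C2518,?,?,?,004F12F9,00000000), ref: 0051024D
  • Part of subcall function 00510242: LeaveCriticalSection.KERNEL32(005C070C,?,0050198B,005C2518,?,?,?,004F12F9,00000000), ref: 0051028A
• __Init_thread_footer.LIBCMT ref: 00577BFB
"""

# One entry per line: optional subcall prefix, API.MODULE, optional (args), ref: address.
LINE_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int                   # address of the call instruction in the dumped image
    via_callee: Optional[int]  # set when the report attributes the call to a sub-function


def parse_api_block(text: str) -> List[ApiCall]:
    """Parse the lines under an 'APIs' heading of a Joe Sandbox function block."""
    calls: List[ApiCall] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised API entry: {line!r}")
        args = tuple(a for a in (m.group("args") or "").split(",") if a)
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module").upper(),
            args=args,
            ref=int(m.group("ref"), 16),
            via_callee=int(m.group("callee"), 16) if m.group("callee") else None,
        ))
    return calls


def direct_calls(calls: List[ApiCall]) -> List[ApiCall]:
    """Calls the function makes itself, ordered by call-site address."""
    return sorted((c for c in calls if c.via_callee is None), key=lambda c: c.ref)


def modules_used(calls: List[ApiCall]) -> Dict[str, List[str]]:
    """Module -> sorted, de-duplicated API names; useful for grepping many blocks for USERENV use."""
    grouped: Dict[str, set] = {}
    for c in calls:
        grouped.setdefault(c.module, set()).add(c.api)
    return {mod: sorted(names) for mod, names in sorted(grouped.items())}


def ends_run_as_user_session(calls: List[ApiCall]) -> bool:
    """Flag the teardown of a run-as-another-user routine: the function waits on a handle
    and only afterwards calls UnloadUserProfile. Order is the point, so compare call-site
    addresses rather than mere presence. Assumption: the matching LoadUserProfile /
    CreateProcessWithLogonW half is in a different function and is not checked here."""
    names = [c.api for c in direct_calls(calls)]
    if "WaitForSingleObject" not in names or "UnloadUserProfile" not in names:
        return False
    return names.index("WaitForSingleObject") < names.index("UnloadUserProfile")
```

Point the parser at the "APIs" section of each function block in turn (the page has hundreds) and keep only those where ends_run_as_user_session() is true; cross-referencing the flagged call sites with the block that imports LoadUserProfile or CreateProcessWithLogonW gives the full run-as path rather than this cleanup tail alone.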
• Opcode ID: 2929cc0a530001494e787ad6556978beca4daa7026292d275b633b144cf34893
• Instruction ID: 21a86487d4250e4f4dd1b8d955ef9b7f416c6268cfc34b7755968c2997259cfc
• Opcode Fuzzy Hash: 2929cc0a530001494e787ad6556978beca4daa7026292d275b633b144cf34893
• Instruction Fuzzy Hash: 22E0E536004101BBDB015FA1ED0CD0ABF39FF69B22B109624FA25A1474CB329425FF60
APIs
• __Init_thread_footer.LIBCMT ref: 004FBEB3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%\$D%\$D%\$D%\D%\
• API String ID: 1385522511-524531416
• Opcode ID: 6df645743af1e2ebe853b45ac12f16a8dde07a8e1e953b7b980b5787d9a26581
• Instruction ID: 17efc7d9968bb4c20802f422eb2c5716171583a6fe28ac21402c0cc29c7c68f2
• Opcode Fuzzy Hash: 6df645743af1e2ebe853b45ac12f16a8dde07a8e1e953b7b980b5787d9a26581
• Instruction Fuzzy Hash: 64912875A0020ACFCB18CF58C090ABABBF1FF5A310F24816EDA55AB350D735A981DBD5
APIs
  • Part of subcall function 00510242: EnterCriticalSection.KERNEL32(005C070C,005C1884,?,?,0050198B,005C2518,?,?,?,004F12F9,00000000), ref: 0051024D
  • Part of subcall function 00510242: LeaveCriticalSection.KERNEL32(005C070C,?,0050198B,005C2518,?,?,?,004F12F9,00000000), ref: 0051028A
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
  • Part of subcall function 005100A3: __onexit.LIBCMT ref: 005100A9
• __Init_thread_footer.LIBCMT ref: 00577BFB
  • Part of subcall function 005101F8: EnterCriticalSection.KERNEL32(005C070C,?,?,00508747,005C2514), ref: 00510202
  • Part of subcall function 005101F8: LeaveCriticalSection.KERNEL32(005C070C,?,00508747,005C2514), ref: 00510235
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: +TT$5$G$Variable must be of type 'Object'.
• API String ID: 535116098-2382484226
• Opcode ID: be0487ad1b31333ca58c11d192eb10ac517c20742c40513d1db1d3c17f3711f6
• Instruction ID: b60833b321c9b855aa48b42e6b0201fdb109bd678d70d1280737402a86a10089
• Opcode Fuzzy Hash: be0487ad1b31333ca58c11d192eb10ac517c20742c40513d1db1d3c17f3711f6
• Instruction Fuzzy Hash: 32918C70A04209AFCB14EF94E895DBDBFB5FF48304F108459F81AAB291DB71AE41EB50
APIs
  • Part of subcall function 004F7620: _wcslen.LIBCMT ref: 004F7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0055C6EE
• _wcslen.LIBCMT ref: 0055C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0055C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0055C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2b8b5def3fe4f4bf86e5f4ffc96c4dad4502676143a72172d6d4ed531b3f4deb
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 563edcc0210f8fcbc6b711e486bc313215267c35cb01d3c9e55a1390a7b2f563
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b8b5def3fe4f4bf86e5f4ffc96c4dad4502676143a72172d6d4ed531b3f4deb
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0551DE716243019FD7109E28C8A4B6ABFE8FB89315F040A2EFD95E3591DB74D908CB96

APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0057AEA3
  • Part of subcall function 004F7620: _wcslen.LIBCMT ref: 004F7625
• GetProcessId.KERNEL32(00000000), ref: 0057AF38
• CloseHandle.KERNEL32(00000000), ref: 0057AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: 7ad244bbc2e4b58c0effb3cfa451b9eba5664422dcabcf96ce1f2f153c7d14b1
• Instruction ID: e09ec90fee08128e5e0ac5b499d0817ef5f9e5ed82f434668b44f53464e5785b
• Opcode Fuzzy Hash: 7ad244bbc2e4b58c0effb3cfa451b9eba5664422dcabcf96ce1f2f153c7d14b1
• Instruction Fuzzy Hash: 56718974A00219DFCB14DF55D484AAEBBF4FF48318F04849AE81AAB392C778ED45DB91

APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00557206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0055723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0055724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 005572CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 69fe0fe3d47617963285c108e5f849d665cb7f3f66f003f54022a8b6667d2f17
• Instruction ID: b76126e1d642c7c76da98000d2b55dd3649e5973ace13e3edc723a0b21fe6dde
• Opcode Fuzzy Hash: 69fe0fe3d47617963285c108e5f849d665cb7f3f66f003f54022a8b6667d2f17
• Instruction Fuzzy Hash: D8419175604208EFDB15CF54D894A9A7FA9FF48311F2480AABD059F20AD7B0DA49DBA0

APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00582F8D
• LoadLibraryW.KERNEL32(?), ref: 00582F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00582FA9
• DestroyWindow.USER32(?), ref: 00582FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: c5a9df02fe4c9887fc2e10e012473548c6ccd1c11cb4537729a59cbdfc0fb73a
• Instruction ID: f9b708de27533462a715b01a900cba4b72a7ee68ec29a4f00bbaeb153f0766cb
• Opcode Fuzzy Hash: c5a9df02fe4c9887fc2e10e012473548c6ccd1c11cb4537729a59cbdfc0fb73a
• Instruction Fuzzy Hash: 43218871204209ABEB106F649C86EBB3FB9FF59368F100628FE50E6190D671DC51EB60
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00514D1E,005228E9,?,00514CBE,005228E9,005B88B8,0000000C,00514E15,005228E9,00000002), ref: 00514D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00514DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00514D1E,005228E9,?,00514CBE,005228E9,005B88B8,0000000C,00514E15,005228E9,00000002,00000000), ref: 00514DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 3dbe3f3354e3da9a1ddad49dcce0e5a2888249cf655f858f6f04f44ea3811917
• Instruction ID: 8e8f1154d2e48608115675e70f31cca0662a86be3c0858602a2d33e4f99b4d46
• Opcode Fuzzy Hash: 3dbe3f3354e3da9a1ddad49dcce0e5a2888249cf655f858f6f04f44ea3811917
• Instruction Fuzzy Hash: 88F03C35A40208ABEB119B90EC49BEDBFA5FF54752F0011A8B905A62A0CB705989DFA1
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004F4EAE
• FreeLibrary.KERNEL32(00000000,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: c0149ec74392b65d10fcac10dad7d4b1e71d0ca77d541319dc7379a9cda12280
• Instruction ID: f690807cf26a7227823f3a3772cbac17e437c4bf32ccffed9ee5a9ed4952a67c
• Opcode Fuzzy Hash: c0149ec74392b65d10fcac10dad7d4b1e71d0ca77d541319dc7379a9cda12280
• Instruction Fuzzy Hash: 93E04636A02A225BD3221B25AC5CA6B6A58AFD2B63B050116AE00F2340DF788909D2B4
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004F4E74
• FreeLibrary.KERNEL32(00000000,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 193d2fcfa3e63118cc0d87c4e4df39112ef6a967635902c407ca950f88783e71
• Instruction ID: 9a14434c4a2f7c895d8af7114585d2a0d1f6869e0c4647cd371256f5c67256ee
• Opcode Fuzzy Hash: 193d2fcfa3e63118cc0d87c4e4df39112ef6a967635902c407ca950f88783e71
• Instruction Fuzzy Hash: 1DD0C231602A215787321B247C0CE9B2E18BFC1F213450212BE00B6210CF38CD09D7F4
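The three function blocks above share one shape: a loader call (GetModuleHandleExW or LoadLibraryA), a GetProcAddress on a named export, and a FreeLibrary. The mscoree.dll/CorExitProcess chain is the standard MSVC CRT exit path and is compiler boilerplate; the two kernel32.dll chains resolve Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection, which a 32-bit process uses to reach the real System32 instead of the SysWOW64 view, and the >>>AUTOIT NO CMDEXECUTE<<< string in their call context places them in the embedded AutoIt runtime rather than in script logic. The Python below is an added triage example, not part of this Joe Sandbox report or of Joe Sandbox's tooling: it parses "APIs" entries in the format printed here (the sample is the three blocks above, copied verbatim), groups them into loader/GetProcAddress/FreeLibrary chains, lists the resolved exports, and checks that every Disable has a matching Revert. The NOTEWORTHY annotations and all function names are my own assumptions.

```python
"""Added triage example (not Joe Sandbox code): pull dynamic API resolution
chains out of the "APIs" entries of a Joe Sandbox function report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One "APIs" entry, e.g.
#   • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00514DA0
API_LINE = re.compile(
    r"^(?:•\s*)?(?P<func>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

LOADERS = {
    "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
    "GetModuleHandleA", "GetModuleHandleW", "GetModuleHandleExA", "GetModuleHandleExW",
}

# Reviewer notes per resolved export (assumption: my own triage annotations).
NOTEWORTHY = {
    "CorExitProcess": "MSVC CRT exit path via mscoree.dll; compiler boilerplate, benign",
    "Wow64DisableWow64FsRedirection": "32-bit process turning off WOW64 redirection to reach the real System32",
    "Wow64RevertWow64FsRedirection": "restores WOW64 redirection; should pair with the Disable call",
}


@dataclass
class ApiCall:
    func: str
    module: str
    args: list[str]
    ref: int


def parse_api_lines(lines):
    """Parse report lines into ApiCall records; headers, hashes and dump paths do not match and are skipped."""
    calls = []
    for raw in lines:
        m = API_LINE.match(raw.strip())
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")]
        calls.append(ApiCall(m.group("func"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def find_resolution_chains(calls):
    """Group consecutive loader -> GetProcAddress* -> FreeLibrary calls.

    LoadLibrary* takes the module name as its first argument; GetModuleHandleEx*
    takes (flags, name, phModule), so there the name is the second argument.
    """
    chains, current = [], None
    for c in calls:
        if c.func in LOADERS:
            name = c.args[1] if c.func.startswith("GetModuleHandleEx") else c.args[0]
            current = {"loader": c.func, "module": name.lower(), "ref": f"{c.ref:08X}",
                       "resolved": [], "freed": False}
            chains.append(current)
        elif c.func == "GetProcAddress" and current is not None:
            current["resolved"].append(c.args[1])   # (hModule, lpProcName)
        elif c.func == "FreeLibrary" and current is not None:
            current["freed"] = True
            current = None
    return chains


def triage(report_text):
    """Return one finding per dynamically resolved export, with a reviewer note."""
    findings = []
    for ch in find_resolution_chains(parse_api_lines(report_text.splitlines())):
        for export in ch["resolved"]:
            findings.append({"module": ch["module"], "export": export, "loader": ch["loader"],
                             "ref": ch["ref"], "freed": ch["freed"],
                             "note": NOTEWORTHY.get(export, "dynamically resolved import; review")})
    return findings


def wow64_redirection_balanced(findings):
    """True when each resolved Wow64Disable... has a matching Wow64Revert...;
    an unpaired Disable would leave the calling thread with redirection off."""
    exports = [f["export"] for f in findings]
    return exports.count("Wow64DisableWow64FsRedirection") == exports.count("Wow64RevertWow64FsRedirection")


# Sample input: the three "APIs" blocks of this report, copied verbatim.
SAMPLE = """
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00514D1E,005228E9,?,00514CBE,005228E9,005B88B8,0000000C,00514E15,005228E9,00000002), ref: 00514D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00514DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00514D1E,005228E9,?,00514CBE,005228E9,005B88B8,0000000C,00514E15,005228E9,00000002,00000000), ref: 00514DC3
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004F4EAE
• FreeLibrary.KERNEL32(00000000,?,?,004F4EDD,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4EC0
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004F4E74
• FreeLibrary.KERNEL32(00000000,?,?,00533CDE,?,005C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004F4E87
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['ref']}  {f['loader']}({f['module']}) -> {f['export']}: {f['note']}")
    print("WOW64 disable/revert balanced:", wow64_redirection_balanced(triage(SAMPLE)))
```

Run against a whole report, the parser ignores everything but the API entries, so the "ref:" addresses let you jump straight to the resolving function in the dump at 004F0000; exports that are not in NOTEWORTHY come back tagged for manual review rather than being silently classed as benign.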
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00562C05
• DeleteFileW.KERNEL32(?), ref: 00562C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00562C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00562CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00562CC0
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 22fd711ee4f7ea4e8595dd10201a81d66573d0b93cb4df80cc9f3d3f71606afa
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 429e785b9e7b309311a6d5dc76f251f53ffe9cc49ee2de37fd634faccdb4d44c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22fd711ee4f7ea4e8595dd10201a81d66573d0b93cb4df80cc9f3d3f71606afa
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38B14E7190051EABDF21DBA4CC89EEEBBBDFF48354F1040A6F609E7151EA349A448F61
APIs
• GetCurrentProcessId.KERNEL32 ref: 0057A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0057A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0057A468
• CloseHandle.KERNEL32(?), ref: 0057A63D
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 4570cc7dda3fec6bc2ace8cf07c660dde2d937d1d292876c966c4e790ebfab91
• Instruction ID: 0d4944b50a5568cb5a6bfd4d31eafcc35c6dfcf3c98c6704e5a920cebf720cbc
• Opcode Fuzzy Hash: 4570cc7dda3fec6bc2ace8cf07c660dde2d937d1d292876c966c4e790ebfab91
• Instruction Fuzzy Hash: D0A1B171604301AFDB20DF24D886F2ABBE5BF84714F14881DF95A9B2D2D7B4EC418B96
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00593700), ref: 0052BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,005C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0052BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,005C1270,000000FF,?,0000003F,00000000,?), ref: 0052BC36
• _free.LIBCMT ref: 0052BB7F
  • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000), ref: 005229DE
  • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000,00000000), ref: 005229F0
• _free.LIBCMT ref: 0052BD4B
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: aef01aaa7c521de66e37dec8e038f2031f893b3089bf4d7ea62966da26b31f5b
• Instruction ID: 5ccdf52e7bf502b96e3132c37c66dc2d449e634fe085628033fd4c7c99d92096
• Opcode Fuzzy Hash: aef01aaa7c521de66e37dec8e038f2031f893b3089bf4d7ea62966da26b31f5b
• Instruction Fuzzy Hash: 2D51297590062AAFEB10DF65AC859AEBFBCFF93310F10066AE410E71D1DB309E449750
APIs
  • Part of subcall function 0055DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0055CF22,?), ref: 0055DDFD
  • Part of subcall function 0055DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0055CF22,?), ref: 0055DE16
  • Part of subcall function 0055E199: GetFileAttributesW.KERNEL32(?,0055CF95), ref: 0055E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0055E473
• MoveFileW.KERNEL32(?,?), ref: 0055E4AC
• _wcslen.LIBCMT ref: 0055E5EB
• _wcslen.LIBCMT ref: 0055E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0055E650
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 64d8708f370c298b5739c7c93a00afe2a9ecdb88580ae3d2a67e41f0eb712b80
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 42d21bce0d76f36e74f3739dc1e954d0323b059d66057c5d1060a37aec2c96ac
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64d8708f370c298b5739c7c93a00afe2a9ecdb88580ae3d2a67e41f0eb712b80
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D5170B24083459BDB28EB90D8959DB7BECAF84341F00091FFA89D3151EF35A68C8766
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0057B6AE,?,?), ref: 0057C9B5
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057C9F1
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057CA68
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057CA9E
                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0057BAA5
                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0057BB00
                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0057BB63
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 0057BBA6
                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0057BBB3
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 636e723bc0ca054fb11cf29ed6325cde1cfeeb1005eff7407c72918d251f66ea
• Instruction ID: 4edd9fbec5908848d42e7f14501ac65a2aaa0f962e980790c8e959e2c1d62f1f
• Opcode Fuzzy Hash: 636e723bc0ca054fb11cf29ed6325cde1cfeeb1005eff7407c72918d251f66ea
• Instruction Fuzzy Hash: 9361CC70208241AFD314EF24D494F2ABBE5FF84348F14896DF4998B2A2CB31ED45DB92
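The per-function listings in this part of the report all follow the same shape: an "APIs" block of direct calls (plus "Part of subcall function" lines for callees), then the memory-dump metadata and the API ID / Opcode ID hashes. The function above is a good example of why that is worth parsing rather than reading by hand: RegConnectRegistryW obtains a (possibly remote) registry handle, RegOpenKeyExW opens a key under it, RegEnumKeyExW is called with index -00000001 inside what is evidently a loop, and both handles are released with RegCloseKey. That is the call pattern of a registry key enumeration routine. The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses listings in this format into one record per function, separates direct calls from subcall noise, and tags each function with behaviour labels. The BEHAVIOURS table and its tag names are my own assumptions, and the embedded SAMPLE_REPORT is constructed from the lines of this page for offline use.

```python
import re
from dataclasses import dataclass, field

# One "• Api.MODULE(args), ref: ADDR" line, optionally prefixed with the
# "Part of subcall function XXXXXXXX:" marker Joe Sandbox uses for callees.
# Lines with no argument list (e.g. "VariantClear.OLEAUT32 ref: ...") have no
# comma before "ref:", so both the parentheses and the comma are optional.
API_LINE = re.compile(
    r"^•\s+(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Hypothetical behaviour tags (assumption, not report vocabulary): a tag applies
# when every listed API is called directly by the function.
BEHAVIOURS = {
    "registry_enumeration": {"RegOpenKeyExW", "RegEnumKeyExW"},
    "remote_registry_access": {"RegConnectRegistryW"},
    "ini_file_write": {"WritePrivateProfileSectionW", "WritePrivateProfileStringW"},
    "com_variant_coercion": {"VariantInit", "VariantChangeType"},
}


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)  # dicts: api, module, args, ref, subcall
    api_id: str = ""
    opcode_id: str = ""
    source: str = ""

    @property
    def direct_apis(self):
        return {c["api"] for c in self.calls if c["subcall"] is None}

    @property
    def subcall_apis(self):
        return {c["api"] for c in self.calls if c["subcall"] is not None}


def parse_functions(text):
    """Split a report fragment into FunctionRecords; each starts at an 'APIs' line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:  # metadata of a function whose APIs block is not in the fragment
            continue
        m = API_LINE.match(line)
        if m:
            current.calls.append({"api": m["api"], "module": m["mod"], "args": m["args"],
                                  "ref": m["ref"], "subcall": m["sub"]})
        elif line.startswith("• API ID:"):          # not "• API String ID:"
            current.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• Opcode ID:"):
            current.opcode_id = line.split(":", 1)[1].strip()
        elif line.startswith("• Source File:"):
            current.source = line.split(":", 1)[1].strip()
    return records


def classify(record):
    """Return the sorted behaviour tags whose required APIs are all called directly."""
    apis = record.direct_apis
    return sorted(tag for tag, needed in BEHAVIOURS.items() if needed <= apis)


# Constructed sample: the registry-walk function and the variant function from this page.
SAMPLE_REPORT = """\
APIs
  • Part of subcall function 0057C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0057B6AE,?,?), ref: 0057C9B5
  • Part of subcall function 0057C998: _wcslen.LIBCMT ref: 0057C9F1
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0057BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0057BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0057BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0057BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0057BBB3
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• API String ID: 826366716-0
• Opcode ID: 636e723bc0ca054fb11cf29ed6325cde1cfeeb1005eff7407c72918d251f66ea
APIs
• VariantInit.OLEAUT32(?), ref: 00558BCD
• VariantClear.OLEAUT32 ref: 00558C3E
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00558D3B
"""

if __name__ == "__main__":
    for rec in parse_functions(SAMPLE_REPORT):
        first = rec.calls[0]["ref"] if rec.calls else "?"
        print(f"{first}: {sorted(rec.direct_apis)} -> {classify(rec)}")
```

Subcall lines are kept but excluded from classification on purpose: _wcslen and CharUpperBuffW belong to 0057C998, and counting them against the caller would make every string-handling helper look like part of the behaviour. Tags are matched on the set of direct calls, so the two RegCloseKey sites collapse to one API name while both remain in the calls list with their own ref addresses.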
APIs
• VariantInit.OLEAUT32(?), ref: 00558BCD
• VariantClear.OLEAUT32 ref: 00558C3E
• VariantClear.OLEAUT32 ref: 00558C9D
• VariantClear.OLEAUT32(?), ref: 00558D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00558D3B
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: e126fc76770e39e5c252c45162991b644df177a277c0d28b8e1cf4a5361a120b
• Instruction ID: 26ce9d003480703850f1c8356541e43182678f485165bd823a4f86d2b548dd30
• Opcode Fuzzy Hash: e126fc76770e39e5c252c45162991b644df177a277c0d28b8e1cf4a5361a120b
• Instruction Fuzzy Hash: 61515C75A00219DFCB14CF58C894AAABBF5FF89311B15855AED05EB350E730E915CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00568BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00568BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00568C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00568C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00568C5F
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 08cd2e0a5a9bf637a6db4d637c0fb3fd47e444bc575969c05f4d868943b0b580
• Instruction ID: 477fc86e2db75fafc40318e5588a4043989118aa0b06d528dedb868f1b0999cc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08cd2e0a5a9bf637a6db4d637c0fb3fd47e444bc575969c05f4d868943b0b580
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F515E35A00219AFDB10DF65C880E6DBBF5FF48318F088459E949AB3A2CB35ED45DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00578F40
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00578FD0
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00578FEC
                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00579032
                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00579052
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0050F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00561043,?,7529E610), ref: 0050F6E6
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0050F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0054FA64,00000000,00000000,?,?,00561043,?,7529E610,?,0054FA64), ref: 0050F70D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 302da5569da81dc623c0974684cdcf7fc2a3621a1e2f0dd5b1f41fd61c3f8e03
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 71a1ca250450c34929f054c37151a61a8cec3e4d48caecc1b24f4a05a55a754f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 302da5569da81dc623c0974684cdcf7fc2a3621a1e2f0dd5b1f41fd61c3f8e03
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC513934600205DFCB11DF59D4989ADBFB1FF49358B048099E90AAB362DB35ED85DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00586C33
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00586C4A
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00586C73
                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0056AB79,00000000,00000000), ref: 00586C98
                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00586CC7
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6984522041f6db56d2cbf398ec3a2e81877277532741cff8644336651c57f527
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 30808ce010c0f33b9125a5735e965253125879a34523c27a913fe1e332e2badc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6984522041f6db56d2cbf398ec3a2e81877277532741cff8644336651c57f527
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3941AD35A04104AFDB24EF28CC58FA97FA5FB09360F140628EC99BB2A0C371ED41DB50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a2a8c313701d4dd797082f499640ab7e0bcd8984138f543abb3326eda9cc149a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f4781d595fa8fc89f164460b4941c9345e4d6d6b73dd781d4daaea7e9faa1559
• Opcode Fuzzy Hash: a2a8c313701d4dd797082f499640ab7e0bcd8984138f543abb3326eda9cc149a
• Instruction Fuzzy Hash: CF41D23AA00214AFDB24DF78D885A5DBBA5FF8A314F154568E615EB391DB31AD01CB80
APIs
• GetCursorPos.USER32(?), ref: 00509141
• ScreenToClient.USER32(00000000,?), ref: 0050915E
• GetAsyncKeyState.USER32(00000001), ref: 00509183
• GetAsyncKeyState.USER32(00000002), ref: 0050919D
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 51e8be190fc1990ddc89e3ac8e07527eaf4fc79e3fe34a6ce6a412d7041e7ec6
• Instruction ID: 2f35a03a06683654078966e83e2f939d95ea87ac7a514596f36af43defc554d8
• Opcode Fuzzy Hash: 51e8be190fc1990ddc89e3ac8e07527eaf4fc79e3fe34a6ce6a412d7041e7ec6
• Instruction Fuzzy Hash: D0415C71A0860BBBDF159F64C848BEEBF74FF49324F208219E829A62D5C7306954DB91
APIs
• GetInputState.USER32 ref: 005638CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00563922
• TranslateMessage.USER32(?), ref: 0056394B
• DispatchMessageW.USER32(?), ref: 00563955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00563966
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: c0ea7a74d075069cef0dc2ed41d89bfa861765ffa7ed355694edf96ad42e74a5
• Instruction ID: 68bf4082ccd283e59088f9ba99942beb67c4fc914019c57b5fb0c95ea3d73d3b
• Opcode Fuzzy Hash: c0ea7a74d075069cef0dc2ed41d89bfa861765ffa7ed355694edf96ad42e74a5
• Instruction Fuzzy Hash: 49318670504B429EEB35CF34D849FB63FA8FB26304F14096DE452931A1E7B49A89DF25
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0056C21E,00000000), ref: 0056CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0056CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0056C21E,00000000), ref: 0056CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0056C21E,00000000), ref: 0056CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0056C21E,00000000), ref: 0056CFF2
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: cab109c1e669789756d2c31a789969576e30cd16f5f9b60f93f2bb8ca1255763
• Instruction ID: a3c3e3736d196e2cb22d37e4d98ceaf3b2d72fd6f11cd0efd7d1104fcfc96876
• Opcode Fuzzy Hash: cab109c1e669789756d2c31a789969576e30cd16f5f9b60f93f2bb8ca1255763
• Instruction Fuzzy Hash: B8314B71600206EFDB20DFA5D8889BBBFF9FB54354B10442EF556E3241DB30AE459B60
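The "APIs" lists in this report print each call as Name.MODULE(args), ref: address, with argument values in hex and unknown arguments as "?". Reading them by hand is tedious, so the following Python helper is added here as an example (it is not part of the Joe Sandbox report or of the sample): it parses lines in that format, decodes the constants that matter for triage (VK_LBUTTON = 0x01 and VK_RBUTTON = 0x02 for GetAsyncKeyState, WM_LBUTTONDOWN = 0x0201 and WM_LBUTTONUP = 0x0202 for PostMessageW, PM_REMOVE = 0x0001 for PeekMessageW), and tags the behaviours they imply, such as mouse-button polling, a message pump, a WinINet download, or a synthesized left click (a WM_LBUTTONDOWN posted before a WM_LBUTTONUP in the same function). The sample listing embedded in the block is constructed from call lines of the kind shown in this section; the tag names and the helper's function names are this example's own choices.

```python
import re
from collections import namedtuple

# Constructed sample input: API-call lines in the Joe Sandbox listing format
# ("Name.MODULE(args), ref: address"); values are hex as the report prints them.
SAMPLE_LISTING = """\
• GetCursorPos.USER32(?), ref: 00509141
• ScreenToClient.USER32(00000000,?), ref: 0050915E
• GetAsyncKeyState.USER32(00000001), ref: 00509183
• GetAsyncKeyState.USER32(00000002), ref: 0050919D
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00563966
• InternetReadFile.WININET(?,00000000,?,?), ref: 0056CF6F
• GetWindowRect.USER32(?,?), ref: 00551915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 005519C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 005519C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 005519DA
"""

ApiCall = namedtuple("ApiCall", "name module args ref")

# Parens are optional because some lines (e.g. GetInputState.USER32 ref: ...) have no args.
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants used for decoding (standard values from the Windows SDK).
VK_NAMES = {0x01: "VK_LBUTTON", 0x02: "VK_RBUTTON"}
WM_NAMES = {0x0201: "WM_LBUTTONDOWN", 0x0202: "WM_LBUTTONUP"}
PM_REMOVE = 0x0001


def parse_listing(text):
    """Turn report lines into ApiCall records; '?' arguments become None."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [None if a.strip() == "?" else int(a, 16)
                for a in raw.split(",") if a.strip()]
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16)))
    return calls


def decode(call):
    """Return a short note for argument constants we recognise, else ''."""
    a = call.args
    if call.name == "GetAsyncKeyState" and a and a[0] in VK_NAMES:
        return f"polls {VK_NAMES[a[0]]}"
    if call.name in ("PostMessageW", "SendMessageW") and len(a) >= 2 and a[1] in WM_NAMES:
        if a[0] is None:
            return f"posts {WM_NAMES[a[1]]}"
        return f"posts {WM_NAMES[a[1]]} to hwnd {a[0]:#x}"
    if call.name == "PeekMessageW" and len(a) >= 5 and a[4] is not None and a[4] & PM_REMOVE:
        return "PM_REMOVE set"
    return ""


def classify(calls):
    """Tag the behaviours implied by one function's call list."""
    tags = set()
    names = {c.name for c in calls}
    if any(c.name == "GetAsyncKeyState" and c.args and c.args[0] in VK_NAMES for c in calls):
        tags.add("mouse-button-polling")
    if names & {"PeekMessageW", "TranslateMessage", "DispatchMessageW"}:
        tags.add("message-pump")
    if "InternetReadFile" in names:
        tags.add("wininet-download")
    downs = [c for c in calls if c.name == "PostMessageW" and len(c.args) >= 2 and c.args[1] == 0x0201]
    ups = [c for c in calls if c.name == "PostMessageW" and len(c.args) >= 2 and c.args[1] == 0x0202]
    # A button-down posted at a lower address than a button-up in the same listing
    # is the pattern of a click being faked on a window rather than received from a user.
    if any(d.ref < u.ref for d in downs for u in ups):
        tags.add("synthesized-left-click")
    return tags


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for c in parsed:
        note = decode(c)
        print(f"{c.ref:08X} {c.name}.{c.module}{'  # ' + note if note else ''}")
    print("tags:", sorted(classify(parsed)))
```

Run against a whole report the tags are only a starting point: the printed first argument of PostMessageW is whatever the static pass recovered, not necessarily a live window handle, so treat a "synthesized-left-click" tag as a prompt to read the function, not as proof of click automation.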
APIs
• GetWindowRect.USER32(?,?), ref: 00551915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 005519C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 005519C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 005519DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 005519E2
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: dcdd52c3bead9f19e13a0f033d6f278c565dfd9854448cefda15aae1489c8b70
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0afe55da1736b3f2618e5a6e461c9c7b35318191e0ce691b12caabcc9db06ce3
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcdd52c3bead9f19e13a0f033d6f278c565dfd9854448cefda15aae1489c8b70
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68319E71A00219EFCB00CFA8C9A9B9E7FB5FB54315F10422AFD21AB2D1C7709948DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00585745
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0058579D
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005857AF
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 005857BA
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00585816
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ef1fad02d11082879055144a01a92baa6280d2815c53beddd70f986612a1fedd
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1fa1c053497fa8d5207b463e83c44ddd8223fb53f294cbe0ab43d3158e90d614
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef1fad02d11082879055144a01a92baa6280d2815c53beddd70f986612a1fedd
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8321A2319046189ADF21AFA4CC84AEEBFB8FF54320F108616ED29FA190E7708985CF50
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00570951
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00570968
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 005709A4
                                                                                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 005709B0
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 005709E8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 611e2b847e00976160a8b5fdb50c684a6275260868f6f32dbb44374ff15f09da
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 05dee59f52bd6391c9b355af96a6d51d57df055b0b79ba976afef32de0fab01d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 611e2b847e00976160a8b5fdb50c684a6275260868f6f32dbb44374ff15f09da
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A216F35600204AFD704EF69D989AAEBFE9FF44744F04846DE94AA7352DB34EC04DBA0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 0052CDC6
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0052CDE9
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00523820: RtlAllocateHeap.NTDLL(00000000,?,005C1444,?,0050FDF5,?,?,004FA976,00000010,005C1440,004F13FC,?,004F13C6,?,004F1129), ref: 00523852
                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0052CE0F
                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 0052CE22
                                                                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0052CE31
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 84b5979bb748b308159142f0e9b6c34910f250f83c5ae5c9a1532d1c22e20eac
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c2bc17351f399ea153f88ef2a3da253a5ab2eff20b79b509e8d2a8365f1d603d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84b5979bb748b308159142f0e9b6c34910f250f83c5ae5c9a1532d1c22e20eac
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D00171726026257F232216B67C8CD7F6D6DFEC7BA13160129FD05D7282EA618D0292B1
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00509693
• SelectObject.GDI32(?,00000000), ref: 005096A2
• BeginPath.GDI32(?), ref: 005096B9
• SelectObject.GDI32(?,00000000), ref: 005096E2
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: d5e0b9fb64b79f1affe53c2cf826b1d974f73fa09b92df0b83950c58ef9cb0c9
• Instruction ID: 231c686cba4ba4845116f9d5952e632df4777b305d82ca84f5cbcf3aaea1edd9
• Opcode Fuzzy Hash: d5e0b9fb64b79f1affe53c2cf826b1d974f73fa09b92df0b83950c58ef9cb0c9
• Instruction Fuzzy Hash: 9C217170801B09EFDB119F64EC08BAD3FB4BB61755F100215F811A71E6D3719859EB98
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 2cc3f02c4fdae2c561e510510b075cef5fa72baab72a14ff1d45b7cc738574a3
• Instruction ID: 83f66314ef1f3781c7ee3c7db95d920a5e93d553dd51a06292bc6e261a8e9c0a
• Opcode Fuzzy Hash: 2cc3f02c4fdae2c561e510510b075cef5fa72baab72a14ff1d45b7cc738574a3
• Instruction Fuzzy Hash: 8001F961251A09BBE20861119D72FFB7F5CFB683D6F100422FE05AA241F720EE5483A4
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?,?,0055035E), ref: 0055002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?), ref: 00550046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?), ref: 00550054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?), ref: 00550064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0054FF41,80070057,?,?), ref: 00550070
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 41a83b1a1a3158aa04227c76a2956a14f8629e42c1f85aba4b6ce6886bff8a6a
• Instruction ID: d9b53a5fa9ee7ddf9c5f928cc394796dcdae82dd35ad3c4b96821c16a5ab9814
• Opcode Fuzzy Hash: 41a83b1a1a3158aa04227c76a2956a14f8629e42c1f85aba4b6ce6886bff8a6a
• Instruction Fuzzy Hash: C2018F72600204BFDB104F69DC08BAA7EADFB44752F546125FD05E22A0D771DD48ABA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0055E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 0055E9A5
• Sleep.KERNEL32(00000000), ref: 0055E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 0055E9B7
• Sleep.KERNEL32 ref: 0055E9F3
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: b88d9c85624ef431dfd0335e984c40ddd38912ae5f171a37762fb5b39ab0635f
• Instruction ID: 04bd6edc157cde6116a4bdcee8c13953b7344567f8c6edd425b3cc92676cc77c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b88d9c85624ef431dfd0335e984c40ddd38912ae5f171a37762fb5b39ab0635f
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B015731C01629DBCF04ABE4D8AEAEDBF78BB19302F000546E912B2241DB309658DBA1
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00551114
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 00551120
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 0055112F
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00550B9B,?,?,?), ref: 00551136
                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0055114D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b5db23affd37ea1193ac919f1dddf6ba48911c9327bc1710e57a70590e2de36a
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5b2725359efb55ab53947f88874cb069b1ee316aaa74f588aa953cc7fec72183
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5db23affd37ea1193ac919f1dddf6ba48911c9327bc1710e57a70590e2de36a
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B014675200605AFDB114BA4EC89A6A3F6EEF893A1B210459FE41E2260DB31DC04EB70
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00550FCA
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00550FD6
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00550FE5
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00550FEC
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00551002
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 548ecc46d7149afc0a4880740e9f947bd7d5b2035b1e3b44db36440bfefd1770
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6f86616aa1a9876118af4aeccd6489697a16d67899a905dbc9c8589743305bf2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 548ecc46d7149afc0a4880740e9f947bd7d5b2035b1e3b44db36440bfefd1770
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CF08735200301EBDB210FA5AC8DF5A3FA9FF99762F500415FE05AA2A0DA30E8449B70
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0055102A
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00551036
                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00551045
                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0055104C
                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00551062
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
• Opcode ID: 4b8e13848fdb19141faacec7786e2a7f1de7c281878ef122da1f26233ca14b28
• Instruction ID: 5773515caa62e809d2da9054621dceb4f1d119d9dc93fb7bdfd0ea5bdb50c81a
• Opcode Fuzzy Hash: 4b8e13848fdb19141faacec7786e2a7f1de7c281878ef122da1f26233ca14b28
• Instruction Fuzzy Hash: 54F03735200711EBDB215FA6EC9DF5A3FADFF99662F200415FE45AA2A0CA70D8449B70
APIs
• CloseHandle.KERNEL32(?,?,?,?,0056017D,?,005632FC,?,00000001,00532592,?), ref: 00560324
• CloseHandle.KERNEL32(?,?,?,?,0056017D,?,005632FC,?,00000001,00532592,?), ref: 00560331
• CloseHandle.KERNEL32(?,?,?,?,0056017D,?,005632FC,?,00000001,00532592,?), ref: 0056033E
• CloseHandle.KERNEL32(?,?,?,?,0056017D,?,005632FC,?,00000001,00532592,?), ref: 0056034B
• CloseHandle.KERNEL32(?,?,?,?,0056017D,?,005632FC,?,00000001,00532592,?), ref: 00560358
• CloseHandle.KERNEL32(?,?,?,?,0056017D,?,005632FC,?,00000001,00532592,?), ref: 00560365
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: fbc15be1e9ee5505ed70a464ce56c79526ba6c59d1fbffcfdbd477edad50e6c5
• Instruction ID: 9157d27f7e4dbd0bbd68af61d6ce7f3e1817db4d7f0669fd80b972a19ebf4e88
• Opcode Fuzzy Hash: fbc15be1e9ee5505ed70a464ce56c79526ba6c59d1fbffcfdbd477edad50e6c5
• Instruction Fuzzy Hash: 0101DC72900B118FCB30AF66D880803FBF9BE602063049E3ED19252A70C3B0A988DF80
APIs
• _free.LIBCMT ref: 0052D752
  • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000), ref: 005229DE
  • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000,00000000), ref: 005229F0
• _free.LIBCMT ref: 0052D764
• _free.LIBCMT ref: 0052D776
• _free.LIBCMT ref: 0052D788
• _free.LIBCMT ref: 0052D79A
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: a1e88271189b3584d8f16097a959608470c007d38ba735cace81bd5f62ddf1b4
• Instruction ID: 37288e8e8b338178870eebea87e7eccfea11a61d0c48984fafa14317ee63cafa
• Opcode Fuzzy Hash: a1e88271189b3584d8f16097a959608470c007d38ba735cace81bd5f62ddf1b4
• Instruction Fuzzy Hash: D0F03C32504625AB8661EB64F9C5D167FEDFF4A310BA80C05F049D7582C728FCC08674
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00555C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00555C6F
• MessageBeep.USER32(00000000), ref: 00555C87
• KillTimer.USER32(?,0000040A), ref: 00555CA3
• EndDialog.USER32(?,00000001), ref: 00555CBD
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: d0ec61a17feb230a8063301f0a93249d6333ec81ff96e7864a149fb5f5f7a0fa
• Instruction ID: d364d5b26de1b84db588f2830b16cafc53d0dfd136d1c89cf1163a96eca241be
• Opcode Fuzzy Hash: d0ec61a17feb230a8063301f0a93249d6333ec81ff96e7864a149fb5f5f7a0fa
• Instruction Fuzzy Hash: 6B018B305007049BEB205B15DD6EFA57FB8BF10706F00156AA953B14E1E7F46D4C9B50
APIs
• _free.LIBCMT ref: 005222BE
  • Part of subcall function 005229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000), ref: 005229DE
  • Part of subcall function 005229C8: GetLastError.KERNEL32(00000000,?,0052D7D1,00000000,00000000,00000000,00000000,?,0052D7F8,00000000,00000007,00000000,?,0052DBF5,00000000,00000000), ref: 005229F0
• _free.LIBCMT ref: 005222D0
• _free.LIBCMT ref: 005222E3
• _free.LIBCMT ref: 005222F4
• _free.LIBCMT ref: 00522305
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1cad38b2f35d1456ef4aaf90c06edf01498af6e67d65782b2c6d8721df60b5e9
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 991bb1a067fc17ad9979c32a9a8ad53962ae4240f4e0492523a9749bc4c1a63e
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1cad38b2f35d1456ef4aaf90c06edf01498af6e67d65782b2c6d8721df60b5e9
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F01D7E800932AF8612AF54BC05C483F64FB3A751B41160AF418D22F2C73514D5BAA8
APIs
• EndPath.GDI32(?), ref: 005095D4
• StrokeAndFillPath.GDI32(?,?,005471F7,00000000,?,?,?), ref: 005095F0
• SelectObject.GDI32(?,00000000), ref: 00509603
• DeleteObject.GDI32 ref: 00509616
• StrokePath.GDI32(?), ref: 00509631
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 4cf92d1122fbce94cbc6bf74944575d24676dcc19b78bac3be0156763d9d60f0
• Instruction ID: 4f521d53bcd5723f6a2d97a6f9c515483fa6616c5982466dd4c240c1f900550d
• Opcode Fuzzy Hash: 4cf92d1122fbce94cbc6bf74944575d24676dcc19b78bac3be0156763d9d60f0
• Instruction Fuzzy Hash: 49F03C30005E08EFDB525F65ED1CB683F61BB22362F048214F825650F2C73189A9FF28
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: e42d355f466611826be57ef3bb4f10f0e7361a8ecb662a167520957b3a33c7da
• Instruction ID: 5961793179dbf644691af7fe18d1e5abf505e9a6fc7ea462c5bd2795a3b77847
• Opcode Fuzzy Hash: e42d355f466611826be57ef3bb4f10f0e7361a8ecb662a167520957b3a33c7da
• Instruction Fuzzy Hash: 6DD1E335900A26DBDB24CF68E8896BBBFB2FF37310F240959E5019B6D0D2359D81CB59
APIs
  • Part of subcall function 00510242: EnterCriticalSection.KERNEL32(005C070C,005C1884,?,?,0050198B,005C2518,?,?,?,004F12F9,00000000), ref: 0051024D
  • Part of subcall function 00510242: LeaveCriticalSection.KERNEL32(005C070C,?,0050198B,005C2518,?,?,?,004F12F9,00000000), ref: 0051028A
  • Part of subcall function 005100A3: __onexit.LIBCMT ref: 005100A9
• __Init_thread_footer.LIBCMT ref: 00576238
  • Part of subcall function 005101F8: EnterCriticalSection.KERNEL32(005C070C,?,?,00508747,005C2514), ref: 00510202
  • Part of subcall function 005101F8: LeaveCriticalSection.KERNEL32(005C070C,?,00508747,005C2514), ref: 00510235
  • Part of subcall function 0056359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005635E4
  • Part of subcall function 0056359C: LoadStringW.USER32(005C2390,?,00000FFF,?), ref: 0056360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
• String ID: x#\$x#\$x#\
• API String ID: 1072379062-1758250086
• Opcode ID: a92c35333dc577c9445eae2ebd434046b473125935731f53da880e82fd94258c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 13a5e13e8e00ca8249c6e7323a7b12d56b772d94d2acffe84785847ced4e330d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a92c35333dc577c9445eae2ebd434046b473125935731f53da880e82fd94258c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7C19371A0050AAFCB14DF98D895EBEBBB9FF48300F148469F9099B291DB70ED45DB90
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: JOO
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-332324559
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3aa16df302615e315110e76043f0e083397f7a9caf1e75ff64c77b475fbf05ff
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9e8eef30e6ca0bbc4c7287468706ea3a9acd8cdd8ae8bd90ff558789fc7797b1
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3aa16df302615e315110e76043f0e083397f7a9caf1e75ff64c77b475fbf05ff
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F51CF75E0062AAFDB219FA4E849EEEBFB8BF86310F140419F405B72D1F6319D419B61
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00528B6E
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00528B7A
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00528B81
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID: .Q
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2434981716-3049930668
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d4604b0b6e571cd9d71ff27874684737e20028e9cfda745ca2464129824c2521
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bbd51590d99576c244dd911ebf38b6bc388bb0d8aa600dc96099afbdbed7be25
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4604b0b6e571cd9d71ff27874684737e20028e9cfda745ca2464129824c2521
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0418C70605065AFDB249FA4EC85A797FA5FF87310F2845ADF895876C2DE318C029790
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005521D0,?,?,00000034,00000800,?,00000034), ref: 0055B42D
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00552760
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0055B3F8
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0055B355
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00552194,00000034,?,?,00001004,00000000,00000000), ref: 0055B365
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00552194,00000034,?,?,00001004,00000000,00000000), ref: 0055B37B
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 005527CD
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0055281A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4a5bd50673a57653d49ecd91eea445f71a45addba7effd94bb5a6ab129fb60ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ad670d302e20d11d122f9ff2c71dcbab102e7f0e51691a468baee6e6253a0940
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a5bd50673a57653d49ecd91eea445f71a45addba7effd94bb5a6ab129fb60ad
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3413C72900219BFDB10DBA4CD95AEEBBB8FF49300F10405AFA55B7181DB706E49CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\mdPov8VTwi.exe,00000104), ref: 00521769
• _free.LIBCMT ref: 00521834
• _free.LIBCMT ref: 0052183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\mdPov8VTwi.exe
• API String ID: 2506810119-3420649871
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0055C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0055C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,005C1990,018253A0), ref: 0055C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0058CC08,00000000,?,?,?,?), ref: 005844AA
• GetWindowLongW.USER32 ref: 005844C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 005844D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
• SysReAllocString.OLEAUT32(?,?), ref: 00556EED
• VariantCopyInd.OLEAUT32(?,?), ref: 00556F08
• VariantClear.OLEAUT32(?), ref: 00556F12
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$AllocClearCopyString
• String ID: *jU
• API String ID: 2173805711-1317551218
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 174df69d5a610740252549747dd97a0117b8f0ce579901fd4f3e100caecafec4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0b372dc8b13ddb610d7439a1ef58879432e545352e43ae7d554bb816539ef78a
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 174df69d5a610740252549747dd97a0117b8f0ce579901fd4f3e100caecafec4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3831C771A04289DFCB04AF65E8619BD3B76FF85305B50085EFD024B2B1C7349959DBE4
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0057335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00573077,?,?), ref: 00573378
                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?), ref: 0057307A
                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0057309B
                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(00000000), ref: 00573106
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a7899dd2439de73536c7d4e952f25e5c4e6b4706991d36dec0f93656b2c48689
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 45467ca2f1274bd04d312d5f511df5c264b68714cd5ff066d602c96070597707
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7899dd2439de73536c7d4e952f25e5c4e6b4706991d36dec0f93656b2c48689
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF31D5396002059FC710DF29D489EA97FE0FF54328F64C459E9198B3A2D771EE45EB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00584705
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00584713
                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0058471A
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1399bc825b749d850578131b9fbcd129035f9aebcf892f413148de33f401434b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d2f64de8b2cb16923bf58984bd300227055f23f126550e78f8e4ab8fa271b703
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1399bc825b749d850578131b9fbcd129035f9aebcf892f413148de33f401434b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5217FB5600209AFDB10EF68DC85DB63BADFB9A358B000059FE01EB251DB30EC12DB60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 241defd7392bbea98f7c0fb24c9d0c3cadb23a9ef697e983ba16aad9aa07bcfc
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bb8a85d611b72516d52c6710791793ecc63c19d1cc863ab633287d736b3821ef
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 241defd7392bbea98f7c0fb24c9d0c3cadb23a9ef697e983ba16aad9aa07bcfc
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02214332204211A6E731AA24D826FBB7B98BFA4311F44442BFE4997081EB58AD9DC3D5
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00583840
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00583850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00583876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 9dc7c8bf3edd88ecd952e07de6a300878a469247972f564fcfa3b568e2ddc78e
• Instruction ID: 7908fe957dc89b9e4167ab7f6aa0e108e668f3fe58aa231b4b61fffea9c5ebaa
• Opcode Fuzzy Hash: 9dc7c8bf3edd88ecd952e07de6a300878a469247972f564fcfa3b568e2ddc78e
• Instruction Fuzzy Hash: D221B072610118BBEF119F54CC45EBB3B6EFF89B54F118124FD00AB190CA71DD528BA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00564A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00564A5C
• SetErrorMode.KERNEL32(00000000,?,?,0058CC08), ref: 00564AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 63dc03e2afedb300bd65f01f8c22b45d3ceab701c8298365787d596e0a5e4ec0
• Instruction ID: d72ae9fe4c6331f4e3185c701582a4c30938d2930c4ad875c541f449b107ae17
• Opcode Fuzzy Hash: 63dc03e2afedb300bd65f01f8c22b45d3ceab701c8298365787d596e0a5e4ec0
• Instruction Fuzzy Hash: 2A313E75A00209AFDB10DF64C885EAA7BF9FF48308F1480A9E909EB252D775ED45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0058424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00584264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00584271
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 4238134bca26684249158117794710e81eb2fdd931a2c297d1735a603a071e74
• Instruction ID: 93091f66680e6c0dd835ee2f414e23f83ab57b505ce7f684dc8f719dc8cfcfae
• Opcode Fuzzy Hash: 4238134bca26684249158117794710e81eb2fdd931a2c297d1735a603a071e74
• Instruction Fuzzy Hash: 3611C131244209BEEF20AE29CC06FAB3BACFF95B54F110524FE55F6090D671D8219B20
APIs
  • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
  • Part of subcall function 00552DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00552DC5
  • Part of subcall function 00552DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00552DD6
  • Part of subcall function 00552DA7: GetCurrentThreadId.KERNEL32 ref: 00552DDD
  • Part of subcall function 00552DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00552DE4
• GetFocus.USER32 ref: 00552F78
  • Part of subcall function 00552DEE: GetParent.USER32(00000000), ref: 00552DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00552FC3
• EnumChildWindows.USER32(?,0055303B), ref: 00552FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 824821f81afdb5c522bd8157098137e61f6c5703ff7fb812375e56da87679a0c
• Instruction ID: e1250dbe2dddbdc0a38dd38fe08c224b9def11318620e9d003d868cff72c60fe
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 824821f81afdb5c522bd8157098137e61f6c5703ff7fb812375e56da87679a0c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE11A5716002196BCF54BF658C99EED3F6ABF94305F044076BD09AB192DE30594D9B70
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005858C1
                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005858EE
                                                                                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 005858FD
                                                                                                                                                                                                                                                                                                                                                      Strings
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 4c5ff53a85a2ee5ca6289e96f08a8bccf9ee44808eecfb5f6220d6ab3b2ea515
• Instruction ID: ab574b015806f2ab2f5057b9ed279a0feaaf2a2343e04ccd65e1712923673b2b
• Opcode Fuzzy Hash: 4c5ff53a85a2ee5ca6289e96f08a8bccf9ee44808eecfb5f6220d6ab3b2ea515
• Instruction Fuzzy Hash: 3B010C31500219EEDB61AF11D844BAEBFB8BB45361F148499E849E6161EB308A94EF21
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c0b8b46d8c7555de6fe7dfa797c4df44976cfc567196fcc0cdb3814f5b1d7b0c
• Instruction ID: 1920e79813fbca3741fe8a4967be61043b7a652dfa6324b9ccdd30e30aa08a37
• Opcode Fuzzy Hash: c0b8b46d8c7555de6fe7dfa797c4df44976cfc567196fcc0cdb3814f5b1d7b0c
• Instruction Fuzzy Hash: E0C19E75A00206EFCB14CF94C8A4EAEBBB5FF48315F219599E805EB291D730ED45DB90
APIs
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: 48b6ae55771651cab64785c7ea37940419d227b533420a73388202eadd0e607c
• Instruction ID: dae02da31492058f1bbb572c8932ea78b2cf292ec6d52702846cf168ddff5176
• Opcode Fuzzy Hash: 48b6ae55771651cab64785c7ea37940419d227b533420a73388202eadd0e607c
• Instruction Fuzzy Hash: 63A18E75204305AFC700DF25D485A2ABBE5FF88724F04885DF98A9B362DB34EE05DB55
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0058FC08,?), ref: 005505F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0058FC08,?), ref: 00550608
• CLSIDFromProgID.OLE32(?,?,00000000,0058CC40,000000FF,?,00000000,00000800,00000000,?,0058FC08,?), ref: 0055062D
• _memcmp.LIBVCRUNTIME ref: 0055064E
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0057A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0057A6BA
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0057A79C
• CloseHandle.KERNEL32(00000000), ref: 0057A7AB
  • Part of subcall function 0050CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00533303,?), ref: 0050CE8A
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetWindowRect.USER32(?,?), ref: 005862E2
• ScreenToClient.USER32(?,?), ref: 00586315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00586382
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00571AFD
• WSAGetLastError.WSOCK32 ref: 00571B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00571B8A
• WSAGetLastError.WSOCK32 ref: 00571B94
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7a41fed85caecc07102f11de8e1dcde679ede90372c65ca3865fdc7ec87997c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d9bcc3985e0c5b7facb24e2c3fff8e310e9942524b043512e8a9ec3c75d01537
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a41fed85caecc07102f11de8e1dcde679ede90372c65ca3865fdc7ec87997c4
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C419E34600600AFE720AF25D886F3A7BE5AB44718F54C48DFA1A9F2D3D776ED418B94
Similarity
• Opcode ID: 0e37b1b18ba06d383d01a50ee2e621719f90ef468cf17587c8482b7193fb8e2c
• Instruction ID: 68f63b80d0606c9dc566ebeebf3df4fac5ed4ca049c98a1e186c7050fef23978
• Opcode Fuzzy Hash: 0e37b1b18ba06d383d01a50ee2e621719f90ef468cf17587c8482b7193fb8e2c
• Instruction Fuzzy Hash: AC41F675A00614AFEB24AF38DC85BAA7FAAFF85710F10452AF551DB2C2D37199418780
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00565783
• GetLastError.KERNEL32(?,00000000), ref: 005657A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 005657CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 005657FA
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• API String ID: 3321077145-0
• Opcode ID: b6407f1b22ed03b4cf45c0917954ada580e13941d70aaddf186173a73ceab782
• Instruction ID: 1d93297c174ea20edb8c7c1ffd79501508a499b04c39730ffdab968fd2d5b061
• Opcode Fuzzy Hash: b6407f1b22ed03b4cf45c0917954ada580e13941d70aaddf186173a73ceab782
• Instruction Fuzzy Hash: 2B415E39200615DFCB10DF15C544A2DBBE2FF89368B188489ED4AAB762DB78FD04CB95
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,00516D71,00000000,00000000,005182D9,?,005182D9,?,00000001,00516D71,?,00000001,005182D9,005182D9), ref: 0052D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0052D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0052D9AB
• __freea.LIBCMT ref: 0052D9B4
  • Part of subcall function 00523820: RtlAllocateHeap.NTDLL(00000000,?,005C1444,?,0050FDF5,?,?,004FA976,00000010,005C1440,004F13FC,?,004F13C6,?,004F1129), ref: 00523852
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• API String ID: 2652629310-0
• Opcode ID: 7d0e7075d475ace9dd7a9c295015dc23b050bdc5dfc87db54f09a3b80125b807
• Instruction ID: 4f442d19ccfc309a5fa0f20528235e7c44c2e3beb25fef0df652b9bfdc3ebeee
• Opcode Fuzzy Hash: 7d0e7075d475ace9dd7a9c295015dc23b050bdc5dfc87db54f09a3b80125b807
• Instruction Fuzzy Hash: F3319F72A0021AABDB24DF64EC85EAE7FB5FF42350F154168FC0496290EB35DD94CBA0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00585352
• GetWindowLongW.USER32(?,000000F0), ref: 00585375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00585382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005853A8
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7f2cac309be4840e0f34738fbaab983466a09c44cb8fcbd4c34d8f834e129ded
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f04d945162cc56a362024a71381401ff2972102066a3c5e5418604f9c4116eda
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f2cac309be4840e0f34738fbaab983466a09c44cb8fcbd4c34d8f834e129ded
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9831AF34A55E08BFEB21AE14CC06FE83F65BB05391F984901BE11B61E1EBB49E40AB51
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0055ABF1
                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 0055AC0D
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 0055AC74
                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0055ACC6
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1f70528852b32140545a6cf3d2998b2fc49da4e238a3f10387678a2fa354eebe
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 92dbdae140ea5f88f85c4ca9eec973da9d6db041ea8cefd54ce0bd92330bed89
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f70528852b32140545a6cf3d2998b2fc49da4e238a3f10387678a2fa354eebe
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43311430A00218AFFF25CB6988297FA7FA5BB89312F04471BFC85961D0D3748D8D9762
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0058769A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00587710
                                                                                                                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,00588B89), ref: 00587720
                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 0058778C
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dd74bcd46a22f3c7b9ad854e2cfd193247b9aa422eca746ae86a5460aa24c582
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ed8150770d706fbb0f8e593bd3a34f3118729fb27b01c58f44b2d5f407ecde33
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd74bcd46a22f3c7b9ad854e2cfd193247b9aa422eca746ae86a5460aa24c582
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F419A34A056199FCB01EF58C894EA9BFF4FB5E300F2840A8EC14EB261D330E945DB90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 005816EB
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00553A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00553A57
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00553A3D: GetCurrentThreadId.KERNEL32 ref: 00553A5E
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00553A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005525B3), ref: 00553A65
                                                                                                                                                                                                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 005816FF
                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 0058174C
                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00581752
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 9dfa36b149f99eac205410f3618c63716ec09ff27af1abaf9e80b4bb2e77a9dc
• Instruction ID: 8da59a442fae849ad2424951b78087e5fe4a937d02001729b057de3e9d0230b5
• Opcode Fuzzy Hash: 9dfa36b149f99eac205410f3618c63716ec09ff27af1abaf9e80b4bb2e77a9dc
• Instruction Fuzzy Hash: 5B313275D00149AFCB00EFAAC885CAEBBFDFF48304B50406EE515E7251D6359E45CBA5

APIs
  • Part of subcall function 00509BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00509BB2
• GetCursorPos.USER32(?), ref: 00589001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00547711,?,?,?,?,?), ref: 00589016
• GetCursorPos.USER32(?), ref: 0058905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00547711,?,?,?), ref: 00589094
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: e270f83bc65321be755c81f87a224a131b18668a68524464eb0598d90ec33ed6
• Instruction ID: cdb92b26bd29e30cf67832eadd7883d36d2622b674a9da960dd413eb2f6273df
• Opcode Fuzzy Hash: e270f83bc65321be755c81f87a224a131b18668a68524464eb0598d90ec33ed6
• Instruction Fuzzy Hash: 70219F35600418EFCB259F94CC59EFA7FB9FB8A350F184065FD066B2A2C3319950EB60

APIs
• GetFileAttributesW.KERNEL32(?,0058CB68), ref: 0055D2FB
• GetLastError.KERNEL32 ref: 0055D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0055D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0058CB68), ref: 0055D376
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: c53669599eebda37427641ac09ad7a06d8f4a1f5413e0050ae64f34b94de3512
• Instruction ID: 3bc1c02859acefb2140bc40a0d728527d7ee38f2c1c9bc08a853ffe69248277d
• Opcode Fuzzy Hash: c53669599eebda37427641ac09ad7a06d8f4a1f5413e0050ae64f34b94de3512
• Instruction Fuzzy Hash: 31219E755052019FC320EF29C89186ABBE4BF55369F104E1EF899D32A1DB30D909CBA3

APIs
  • Part of subcall function 00551014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0055102A
  • Part of subcall function 00551014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00551036
  • Part of subcall function 00551014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00551045
  • Part of subcall function 00551014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0055104C
  • Part of subcall function 00551014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00551062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 005515BE
• _memcmp.LIBVCRUNTIME ref: 005515E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00551617
• HeapFree.KERNEL32(00000000), ref: 0055161E
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 4751667e5396027b4a1f6d8808bf1c124b57ca1e6c49c9a5d42a45ebdbca0378
• Instruction ID: cf5c7790f663272833bb712692ea3b365b3cbcbe963c916c4eddb64b3246102b
• Opcode Fuzzy Hash: 4751667e5396027b4a1f6d8808bf1c124b57ca1e6c49c9a5d42a45ebdbca0378
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC216B31E40509AFDF10DFA4C959BEEBFB8FF44345F08445AE851AB241E730AA09DB64
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0058280A
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00582824
                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00582832
                                                                                                                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00582840
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 70bad74d9ff84696a4bf00e031a2c2c4cb071fcbc8c8ff0f890637a9f0b5f35c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7b639ed9ac99ffc1b02d31adef91c65be96053eb038502a52febd480a6c4adbb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70bad74d9ff84696a4bf00e031a2c2c4cb071fcbc8c8ff0f890637a9f0b5f35c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F221B035204215AFDB14AB25C844FAA7F95FF85328F148159F826DB6E2C775EC42CBA0
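The four USER32 calls in the entry above form one recognisable chain. GetWindowLongW and SetWindowLongW are called with index 000000EC, which is the low byte of GWL_EXSTYLE (-20), so the function reads and rewrites the window's extended style; SetLayeredWindowAttributes is then called with dwFlags 00000002, which is LWA_ALPHA, so it applies an alpha value to the window (the alpha itself was not recovered by the sandbox and is shown as ?). That is the standard Win32 way to make a window translucent or, with alpha 0, fully invisible, and it is consistent with the WinSetTrans function of the AutoIt runtime the report says this binary is likely built on (an inference from the call pattern, not something the report states). The Python below is an added example, not Joe Sandbox's or the report's code: it parses lines in the layout of these APIs blocks into structured calls, collects literal string arguments (the material behind the String ID field, such as cdecl in the next entry), and flags the layered-window chain. The sample lines are constructed from entries on this page; the regex, the assumption that the report prints integer arguments as eight hex digits, and all function and constant names are mine.

```python
"""Parse Joe Sandbox 'APIs' listing lines into structured calls and flag the
GWL_EXSTYLE -> SetLayeredWindowAttributes(LWA_ALPHA) chain (window transparency).

Added example, not Joe Sandbox code. The sample text below is constructed from
the shape of the entries on this page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

Arg = Union[int, str, None]  # None stands for the report's '?' (value not recovered)

# One listing line: optional "Part of subcall function XXXX:" prefix, then
# Function.MODULE(args), ref: ADDRESS. CRT entries such as _wcslen.LIBCMT have no argument list.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
    r"(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)\s*$"
)

GWL_EXSTYLE_LOW_BYTE = 0xEC  # GWL_EXSTYLE is -20; the report shows it as 000000EC (assumed truncation)
LWA_ALPHA = 0x00000002       # SetLayeredWindowAttributes dwFlags bit: use bAlpha


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Arg]
    ref: int
    subcall: bool = False  # True for "Part of subcall function" lines


def _parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):  # assumption: numbers are printed as 8 hex digits
        return int(tok, 16)
    return tok  # anything else is a string literal the sandbox recovered (e.g. "cdecl")


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn an APIs block into ApiCall records; headings and non-call lines are skipped."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sub, name, module, args, ref = m.groups()
        argv = [] if args is None else [_parse_arg(a) for a in args.split(",")]
        calls.append(ApiCall(name, module, argv, int(ref, 16), sub is not None))
    return calls


def string_args(calls: List[ApiCall]) -> List[str]:
    """Distinct literal string arguments, in order of first appearance."""
    seen: List[str] = []
    for c in calls:
        for a in c.args:
            if isinstance(a, str) and a not in seen:
                seen.append(a)
    return seen


def find_layered_alpha_chain(calls: List[ApiCall]) -> List[int]:
    """Refs of the Get/SetWindowLong(GWL_EXSTYLE) calls followed by a
    SetLayeredWindowAttributes(..., LWA_ALPHA) in the same function, or [] if absent.
    Subcall lines are ignored so the chain is attributed to the function itself."""
    exstyle_refs: List[int] = []
    for c in calls:
        if c.subcall:
            continue
        if c.name in ("GetWindowLongW", "SetWindowLongW", "GetWindowLongA", "SetWindowLongA"):
            idx: Optional[Arg] = c.args[1] if len(c.args) > 1 else None
            if isinstance(idx, int) and (idx & 0xFF) == GWL_EXSTYLE_LOW_BYTE:
                exstyle_refs.append(c.ref)
        elif c.name == "SetLayeredWindowAttributes" and exstyle_refs:
            flags: Optional[Arg] = c.args[3] if len(c.args) > 3 else None
            if isinstance(flags, int) and flags & LWA_ALPHA:
                return exstyle_refs + [c.ref]
    return []


# Constructed excerpts in the layout of this report's APIs blocks.
SAMPLE_TRANSPARENCY = """\
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0058280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00582824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00582832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00582840
"""

SAMPLE_DLLCALL = """\
• Part of subcall function 00558D7D: lstrlenW.KERNEL32(?,00000002,000000FF), ref: 00558D8C
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00558754), ref: 00557984
• _wcslen.LIBCMT ref: 005856CD
"""

if __name__ == "__main__":
    chain = find_layered_alpha_chain(parse_api_lines(SAMPLE_TRANSPARENCY))
    print("layered-window chain at", [hex(r) for r in chain])
    print("string arguments:", string_args(parse_api_lines(SAMPLE_DLLCALL)))
```

Feed each APIs block to parse_api_lines separately so the chain is matched within one function rather than across adjacent entries; the entry's Memory Dump Source lines are not call lines and are ignored by the regex.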
APIs
  • Part of subcall function 00558D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0055790A,?,000000FF,?,00558754,00000000,?,0000001C,?,?), ref: 00558D8C
  • Part of subcall function 00558D7D: lstrcpyW.KERNEL32(00000000,?,?,0055790A,?,000000FF,?,00558754,00000000,?,0000001C,?,?,00000000), ref: 00558DB2
  • Part of subcall function 00558D7D: lstrcmpiW.KERNEL32(00000000,?,0055790A,?,000000FF,?,00558754,00000000,?,0000001C,?,?), ref: 00558DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00558754,00000000,?,0000001C,?,?,00000000), ref: 00557923
• lstrcpyW.KERNEL32(00000000,?,?,00558754,00000000,?,0000001C,?,?,00000000), ref: 00557949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00558754,00000000,?,0000001C,?,?,00000000), ref: 00557984
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: b2f1bf588f390cd08807d8316cf23b0d76624fb2bf97670e18099648907eda1a
• Instruction ID: 8a5c382b979ac85179ed41cc92acd27e16c4cc992dd098fe7efd355d63bbb54f
• Opcode Fuzzy Hash: b2f1bf588f390cd08807d8316cf23b0d76624fb2bf97670e18099648907eda1a
• Instruction Fuzzy Hash: A811063A200246ABDB159F35D858E7A7BB9FF99351B00402BFC02C72A4EB319805D7A1
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 005856BB
• _wcslen.LIBCMT ref: 005856CD
• _wcslen.LIBCMT ref: 005856D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00585816
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 565b806c0a92a57080eb77f69228ffe110eda130816150efc5b835a3a285e59c
• Instruction ID: 409d263f1f792e15e32f27201b13fff823daa8894e1bb8c2759c6f3085fc16cf
• Opcode Fuzzy Hash: 565b806c0a92a57080eb77f69228ffe110eda130816150efc5b835a3a285e59c
• Instruction Fuzzy Hash: AF11B17560060996DF20AF668C85AEE7FACFF51760B104426FD15F6091FB70CA84CB60
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00551A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00551A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00551A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00551A8A
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d2f8c23ed5de8b6d03dffcaf4ce04e3ecacc76f0206dda6751e52879bf79626e
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b0732d5d7c0a47467e987936df06a26e4473e8e7099375d9021cabd1d5dd60d
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2f8c23ed5de8b6d03dffcaf4ce04e3ecacc76f0206dda6751e52879bf79626e
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC112A3A901219FFEB119BA5C985FADBB78FB04750F200092EA01B7290D6716E50DB94
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0055E1FD
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 0055E230
                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0055E246
                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0055E24D
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 36de70c33c4bcdba2362b1aae9f0dab210e75142477f1a486f99dea14863bc33
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b255ccf78be8e2b0e0a0eb2f234bf5f83a87a05d6ab6ffcbe5dcf79a76d4b0bc
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36de70c33c4bcdba2362b1aae9f0dab210e75142477f1a486f99dea14863bc33
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C114876904644BFC7059FA8AC0AE9E3FACEB52715F004616FC25E3281C6B08A0897B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,0051CFF9,00000000,00000004,00000000), ref: 0051D218
                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0051D224
                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0051D22B
                                                                                                                                                                                                                                                                                                                                                      • ResumeThread.KERNEL32(00000000), ref: 0051D249
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 53ee5aef784e550aa5609501e1dd38e347350dd3d5e8278303e9ff4872e36217
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b80e64937a85029c8d8d254d9410430fb4cb275db9a5dd28058ddd7cd89e584b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53ee5aef784e550aa5609501e1dd38e347350dd3d5e8278303e9ff4872e36217
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB01C03A905205BBEB115BA5DC09AEA7E79FF81330F200219F935921D0DB718985D7B0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004F604C
                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 004F6060
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 004F606A
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00513B56
  • Part of subcall function 00513AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00513AD2
  • Part of subcall function 00513AA3: ___AdjustPointer.LIBCMT ref: 00513AED
• _UnwindNestedFrames.LIBCMT ref: 00513B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00513B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00513BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,004F13C6,00000000,00000000,?,0052301A,004F13C6,00000000,00000000,00000000,?,0052328B,00000006,FlsSetValue), ref: 005230A5
• GetLastError.KERNEL32(?,0052301A,004F13C6,00000000,00000000,00000000,?,0052328B,00000006,FlsSetValue,00592290,FlsSetValue,00000000,00000364,?,00522E46), ref: 005230B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0052301A,004F13C6,00000000,00000000,00000000,?,0052328B,00000006,FlsSetValue,00592290,FlsSetValue,00000000), ref: 005230BF
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0055747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00557497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 005574AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 005574CA
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0055ACD3,?,00008000), ref: 0055B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0055ACD3,?,00008000), ref: 0055B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0055ACD3,?,00008000), ref: 0055B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0055ACD3,?,00008000), ref: 0055B126
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6a075968ce240a122d5fc5ed089eb69a13b8be8484516a75b304ddbcb4a43855
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 97a90ca8e51fa1c557572ce3a30dfd22298dbdc7a121f4c724b4710edcad2abb
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a075968ce240a122d5fc5ed089eb69a13b8be8484516a75b304ddbcb4a43855
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB115730C01928EBEF00AFE5E9AC6EEBF78BB59312F104486DD41B2181CB305658DB61
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00552DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00552DD6
• GetCurrentThreadId.KERNEL32 ref: 00552DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00552DE4
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: f415dc13f854c30beea0dc3e2bcafd8bd043f4b8a987bfcaae2368db09ba1e94
• Instruction ID: bb2f3594ca543fd568c9aaf9c3765a90f123e17cc3851c817de0ff343daafe35
• Opcode Fuzzy Hash: f415dc13f854c30beea0dc3e2bcafd8bd043f4b8a987bfcaae2368db09ba1e94
• Instruction Fuzzy Hash: A1E06DB11012247AD7201B67AC0EEEB3E6CFB63BA2F001126B905E1080AAB48849D7B0
APIs
  • Part of subcall function 00509639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00509693
  • Part of subcall function 00509639: SelectObject.GDI32(?,00000000), ref: 005096A2
  • Part of subcall function 00509639: BeginPath.GDI32(?), ref: 005096B9
  • Part of subcall function 00509639: SelectObject.GDI32(?,00000000), ref: 005096E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00588887
• LineTo.GDI32(?,?,?), ref: 00588894
• EndPath.GDI32(?), ref: 005888A4
• StrokePath.GDI32(?), ref: 005888B2
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: e303fbef6aaf7d770ff0233d514f540544c5277472bba31a65b04c9ec888fe96
• Instruction ID: edcaf5c140a7c4131524c9fb8dc50f87b506c93b687aa6ef75714a195330c6b7
• Opcode Fuzzy Hash: e303fbef6aaf7d770ff0233d514f540544c5277472bba31a65b04c9ec888fe96
• Instruction Fuzzy Hash: DBF03436041659FAEB126F94AC0EFDE3E69AF26310F448000FE11750E2C7B55529EFA9
APIs
• GetSysColor.USER32(00000008), ref: 005098CC
• SetTextColor.GDI32(?,?), ref: 005098D6
• SetBkMode.GDI32(?,00000001), ref: 005098E9
• GetStockObject.GDI32(00000005), ref: 005098F1
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 66f914b8d94c828e51b966b4ea0b78171685ea643f48e8285c68fc65e7dd49ab
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0a714028f5ff17a57305e6943987a5c47ecdf35aa8186a0584eb415aa48972fe
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66f914b8d94c828e51b966b4ea0b78171685ea643f48e8285c68fc65e7dd49ab
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CE06D31244284AEDF215B74BC0DBE83F20BB26336F04921AFAFA680E1C3714644EB20
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00551634
                                                                                                                                                                                                                                                                                                                                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,005511D9), ref: 0055163B
                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,005511D9), ref: 00551648
                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,005511D9), ref: 0055164F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b4b15d040d1e9417a1795a03df8b244a24de44f6323f0693ad8a39c9eac0cd26
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4303b090973d11d1fe1330b632ba9151e98da366a318cee3e8c55ce3adc2bfde
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4b15d040d1e9417a1795a03df8b244a24de44f6323f0693ad8a39c9eac0cd26
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29E08631601211DBD7201FB0AD0DB4A3F7CBF657D2F154809FA45E9080D6344449E774
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0054D858
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0054D862
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0054D882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 0054D8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a3d1d9961c0edb40999cb608d7bd2c4722cac09bd16d62cbac06b7c96a312769
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4d5d59a66fb7f8211522a2a887758280cc392e400953d53bedeaf52237dad93b
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3d1d9961c0edb40999cb608d7bd2c4722cac09bd16d62cbac06b7c96a312769
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4E0E5B4800205DFCB419FA5990C66DBFB1BB18310B149419E906B7250D7384905AF60
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0054D86C
                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0054D876
                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0054D882
                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 0054D8A3
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3ec6ccd6eac97d48a2bda210a088aeb9b6df6730a47e5e1f1c13ee72e570fd79
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b5e66a41b2ee93197afd8f207a31d8034d36eb17172992ccb3aeb1ae515949b2
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ec6ccd6eac97d48a2bda210a088aeb9b6df6730a47e5e1f1c13ee72e570fd79
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8E01A74800204DFCB409FB5D80C66DBFB1BB18310B149419E90AF7250D7385905AF60
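The "APIs" lines of each record above follow a fixed shape: a bullet, the API name and module, an optional snapshot of the stack arguments at the call site (unknown slots shown as `?`), and the `ref:` address of the call. The script below is an added example, not part of the Joe Sandbox report or of its IDA plugin: it parses that shape, decodes the two argument values the listing captured (the `0000000C` index passed to GetDeviceCaps, which is the documented BITSPIXEL capability, and the `00000028` on the stack at GetCurrentProcess), and rebuilds the record's "API ID". Two things in it are inferences rather than documented behaviour and are marked as such in the code: that the API ID is the sorted set of CamelCase words in the API names with "Get" and all-capital fragments such as "DC" dropped (this reproduces `CurrentOpenProcessThreadToken` and `CapsDesktopDeviceReleaseWindow` for the records shown), and that the `0x28` seen at the argument-less GetCurrentProcess is the DesiredAccess already pushed for the OpenProcessToken call that follows it. All function names (`parse_api_line`, `api_id`, `annotate`, …) are the example's own; the sample records are copied from the listing above.

```python
"""Parse the per-function 'APIs' lines of a Joe Sandbox IDA-plugin listing.

Added example; not part of the report. The line format and the sample
records are taken from the listing above. TOKEN_* and DEVICE_CAPS values
are documented Win32 constants.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"        # e.g. OpenProcessToken.ADVAPI32
    r"(?:\((?P<args>[^)]*)\))?,?\s*"     # optional stack-argument snapshot
    r"ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"  # address of the call site
)

# Documented Win32 constants used to decode captured argument values.
TOKEN_ACCESS = {
    0x0001: "TOKEN_ASSIGN_PRIMARY", 0x0002: "TOKEN_DUPLICATE",
    0x0004: "TOKEN_IMPERSONATE", 0x0008: "TOKEN_QUERY",
    0x0010: "TOKEN_QUERY_SOURCE", 0x0020: "TOKEN_ADJUST_PRIVILEGES",
    0x0040: "TOKEN_ADJUST_GROUPS", 0x0080: "TOKEN_ADJUST_DEFAULT",
    0x0100: "TOKEN_ADJUST_SESSIONID",
}
DEVICE_CAPS = {8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL", 14: "PLANES",
               88: "LOGPIXELSX", 90: "LOGPIXELSY"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # int for captured values, None for '?'
    ref: int                    # call-site address
    subcall_of: Optional[int]   # set for "Part of subcall function" lines


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [] if not raw else [
        None if a.strip() == "?" else int(a.strip(), 16) for a in raw.split(",")
    ]
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("mod"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


def parse_record(text: str) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c]


def api_id(calls: List[ApiCall]) -> str:
    """Inference from the records above: sorted unique CamelCase words of the
    API names, without 'Get' and without all-capital fragments ('DC').
    Subcall lines are assumed not to contribute."""
    words = set()
    for c in calls:
        if c.subcall_of is None:
            words.update(w for w in re.findall(r"[A-Z][a-z]+", c.api) if w != "Get")
    return "".join(sorted(words))


def decode_token_access(mask: int) -> List[str]:
    return [name for bit, name in sorted(TOKEN_ACCESS.items()) if mask & bit]


def annotate(calls: List[ApiCall]) -> List[str]:
    """One readable line per call, decoding the argument values captured."""
    out = []
    for c in calls:
        note = ""
        if c.api == "GetDeviceCaps" and len(c.args) > 1 and c.args[1] is not None:
            note = " -> index %d = %s" % (c.args[1], DEVICE_CAPS.get(c.args[1], "unknown"))
        elif c.api == "GetCurrentProcess" and c.args and c.args[0] is not None:
            # Assumption: GetCurrentProcess takes no arguments, so the first
            # snapshot slot is the DesiredAccess pushed for OpenProcessToken.
            note = " -> pending access 0x%X = %s" % (
                c.args[0], "|".join(decode_token_access(c.args[0])))
        out.append("%08X %s!%s%s" % (c.ref, c.module, c.api, note))
    return out


# Sample records copied from the listing above.
TOKEN_RECORD = """\
• GetCurrentThread.KERNEL32 ref: 00551634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,005511D9), ref: 0055163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,005511D9), ref: 00551648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,005511D9), ref: 0055164F
"""
DC_RECORD = """\
• GetDesktopWindow.USER32 ref: 0054D858
• GetDC.USER32(00000000), ref: 0054D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0054D882
• ReleaseDC.USER32(?), ref: 0054D8A3
"""
WNET_RECORD = """\
  • Part of subcall function 004F7620: _wcslen.LIBCMT ref: 004F7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00564ED4
"""

if __name__ == "__main__":
    for rec in (TOKEN_RECORD, DC_RECORD, WNET_RECORD):
        calls = parse_record(rec)
        print("API ID:", api_id(calls))
        print("\n".join(annotate(calls)), "\n")
```

Run stand-alone it prints each record's reconstructed API ID followed by the annotated call sequence; the token record decodes the `0x28` as TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, the access a process requests before adjusting its own privileges, and the GetDeviceCaps record decodes index 12 as BITSPIXEL, the desktop colour depth.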
APIs
  • Part of subcall function 004F7620: _wcslen.LIBCMT ref: 004F7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00564ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 749b200c732267e0ddeda049dc5b073ae9953e639850d015da78f30282c80094
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7fa0f47a489722821ba9e87727f05f5f376dd7fd994561ad769c80fd18d89b1c
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 749b200c732267e0ddeda049dc5b073ae9953e639850d015da78f30282c80094
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E915E75A00244AFCB14DF58C484EAABBF5BF44308F198099E80A9F7A2D775ED85CF91
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 0051E30D
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1e8804b509481cd56bc08912bce7dbdfc5ee5d74be8af853a1e63f07fb580f1b
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0e991a8d7c7c84a66d19721d9958aeb95e5567cf8b8fa678e7dadc51688aef70
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e8804b509481cd56bc08912bce7dbdfc5ee5d74be8af853a1e63f07fb580f1b
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B51CE61A0C11A96EB11B724DD033FA3F98FF55740F304D99E8E5432E8EB348CC59A46
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(0054569E,00000000,?,0058CC08,?,00000000,00000000), ref: 005778DD
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F6B57: _wcslen.LIBCMT ref: 004F6B6A
                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(0054569E,00000000,?,0058CC08,00000000,?,00000000,00000000), ref: 0057783B
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper$_wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: <s[
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3544283678-714827695
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0f504cbc19e2ce5656a328182b8f7767eefa32cdf28427c5ac40b805240ba873
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9f0251bf921022dea4a21fdba3edd65ec56e3718dcdcc3f45859839f77a520ae
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f504cbc19e2ce5656a328182b8f7767eefa32cdf28427c5ac40b805240ba873
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1061707291411DAACF04EBA5EC91DFDBBB4FF18304B44452AE606B3091EF785A05DBA4
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8f66cff285205b527cd76519077a6265cbb03d3b79c227a9e507aab53c35159c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 711c4e808e03efe667dfffc0d55b3a143e6621244018284ac71e4e29787695c4
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f66cff285205b527cd76519077a6265cbb03d3b79c227a9e507aab53c35159c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E512379900286DFDB15DF28C482AFE7FA4FF65328F644459EC919B2D0D634AD42CBA0
APIs
• Sleep.KERNEL32(00000000), ref: 0050F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0050F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 005757E0
• _wcslen.LIBCMT ref: 005757EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
APIs
• _wcslen.LIBCMT ref: 0056D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0056D13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00583621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0058365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0058461F
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00584634
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 40c365d231d7ffe8f64b4ca220dbf4cfba623d3e06a6fd4280c891f50be02109
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1c3a5562475d075b35527e6708d1f1285873062e77e34b2255341ee0519e75a9
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40c365d231d7ffe8f64b4ca220dbf4cfba623d3e06a6fd4280c891f50be02109
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22311574A0020A9FDB14DFA9C980AEA7BB5FF09300F10406AED05AB341E770A941DF90
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0058327C
                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00583287
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                      • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9b832bb5b7d3a042e001fe2975f9af31891ff407cae39de44e73dfb7f601bf2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 54051c6fd7e76cc348bfa9fef243c807de326939a45a63d140d15c595bcee0db
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b832bb5b7d3a042e001fe2975f9af31891ff407cae39de44e73dfb7f601bf2d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F811E2753002087FEF21AE54DC84EBB3F6AFB98764F100128FD1AAB290D6719D518760
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004F604C
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F600E: GetStockObject.GDI32(00000011), ref: 004F6060
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 004F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004F606A
                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0058377A
                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00583794
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3acca13b4391a1d5053de9e38a4c39c7b317db67b5cbd2efee12b918e37eef68
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 10dcd9ecfb3686e1864064276a0418964ed68f6f628f33e5fb5f61262ecb683f
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3acca13b4391a1d5053de9e38a4c39c7b317db67b5cbd2efee12b918e37eef68
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E1129B2610209AFDF00EFA8CC45EFA7BB8FB08714F004915FD55E2251E775E9559B60
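The APIs entries in the records above, and the WinINet pair in the record that follows, give call arguments only as raw hexadecimal, so an analyst has to map them onto Windows SDK constants before the records say anything: 0x1132 and 0x1105 are TVM_INSERTITEMW and TVM_GETCOUNT (treeview), 0x143 and 0x14E are CB_ADDSTRING and CB_SETCURSEL (combobox, matching the "Combobox" string ID), stock object 0x11 is DEFAULT_GUI_FONT, system colour 0x12 is COLOR_BTNTEXT, and InternetSetOptionW option 0x32 with an 8-byte buffer is INTERNET_OPTION_CONNECTED_STATE with a sizeof(INTERNET_CONNECTED_INFO) payload. The Python decoder below is an added example and is not part of the Joe Sandbox report or of its IDA plugin output; the constant tables are taken from the SDK headers, the input is the APIs lines copied from these records, and the names ApiCall, parse_api_line, decode_lines, connected_state_overrides and describe are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Named Win32 constants for the arguments that appear in the records above.
# Values are from the Windows SDK headers (winuser.h, commctrl.h, wingdi.h, wininet.h).
WINDOW_MESSAGES = {
    0x0030: "WM_SETFONT",
    0x0143: "CB_ADDSTRING",
    0x014E: "CB_SETCURSEL",
    0x1105: "TVM_GETCOUNT",      # TV_FIRST (0x1100) + 5
    0x1132: "TVM_INSERTITEMW",   # TV_FIRST + 50
}
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}
SYS_COLORS = {0x12: "COLOR_BTNTEXT"}
WININET_OPTIONS = {0x32: "INTERNET_OPTION_CONNECTED_STATE"}
INTERNET_CONNECTED_INFO_SIZE = 8   # sizeof(INTERNET_CONNECTED_INFO): dwConnectedState + dwFlags

# For each API, the zero-based argument position that carries a constant, and its table.
ARG_DECODERS = {
    "SendMessageW": (1, WINDOW_MESSAGES),
    "GetStockObject": (0, STOCK_OBJECTS),
    "GetSysColor": (0, SYS_COLORS),
    "InternetSetOptionW": (1, WININET_OPTIONS),
}

# Shape of one "APIs" line in the report: optional bullet, optional
# "Part of subcall function <addr>:" prefix, Api.MODULE(args), ref: <call site>.
CALL_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]                # raw hex strings; "?" means the sandbox could not resolve the value
    ref: str                       # address of the call site
    subcall_of: Optional[str]      # callee address when the line is a "Part of subcall" entry
    decoded: Optional[str] = None  # named constant, when an argument is recognised


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line into an ApiCall, decoding a known constant if present."""
    m = CALL_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    call = ApiCall(m.group("api"), m.group("module"), args, m.group("ref"), m.group("sub"))
    spec = ARG_DECODERS.get(call.api)
    if spec:
        pos, table = spec
        # An unresolved argument ("?") is left undecoded rather than guessed.
        if pos < len(args) and args[pos] != "?":
            call.decoded = table.get(int(args[pos], 16))
    return call


def decode_lines(lines) -> List[ApiCall]:
    """Decode every parseable APIs line; headers such as 'Strings' are skipped."""
    return [c for c in map(parse_api_line, lines) if c is not None]


def connected_state_overrides(calls) -> List[str]:
    """Call sites that set INTERNET_OPTION_CONNECTED_STATE with a buffer sized like
    INTERNET_CONNECTED_INFO, i.e. that force WinINet's online/offline state."""
    hits = []
    for c in calls:
        if (c.api == "InternetSetOptionW" and c.decoded == "INTERNET_OPTION_CONNECTED_STATE"
                and len(c.args) == 4 and c.args[3] != "?"
                and int(c.args[3], 16) == INTERNET_CONNECTED_INFO_SIZE):
            hits.append(c.ref)
    return hits


def describe(call: ApiCall) -> str:
    """One-line rendering: call site, API, and the decoded constant if any."""
    name = call.decoded or "(no named constant)"
    prefix = f"[via {call.subcall_of}] " if call.subcall_of else ""
    return f"{call.ref} {prefix}{call.api}.{call.module}: {name}"


# The APIs lines of the records on this page, copied from the report.
SAMPLE_LINES = [
    "• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0058461F",
    "• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00584634",
    "• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0058327C",
    "• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00583287",
    "  • Part of subcall function 004F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004F604C",
    "  • Part of subcall function 004F600E: GetStockObject.GDI32(00000011), ref: 004F6060",
    "  • Part of subcall function 004F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004F606A",
    "• GetWindowRect.USER32(00000000,?), ref: 0058377A",
    "• GetSysColor.USER32(00000012), ref: 00583794",
    "• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0056CD7D",
    "• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0056CDA6",
]

if __name__ == "__main__":
    calls = decode_lines(SAMPLE_LINES)
    for c in calls:
        print(describe(c))
    print("connected-state overrides at:", connected_state_overrides(calls))
```

Run stand-alone it prints one decoded line per call. The point of the exercise is the separation it gives: the SendMessageW, GetStockObject and GetSysColor chains resolve to ordinary treeview, combobox and static-control setup (the "static" string ID is the static-control window class), whereas the InternetSetOptionW call right after InternetOpenW resolves to forcing WinINet's connected state, the option that overrides "work offline", which is the one worth carrying into the network part of the report. An argument the sandbox shows as ? is unresolved and is left undecoded rather than guessed.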
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0056CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0056CDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 71e3f38ac8c81380030d9a7159c8aa37f969045005180cc342a2c1c4f849ab7c
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8f5a37549588f3320f0bb70bfd2992b0cb6ef34f39ea0d9cff4229fc0edeab09
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71e3f38ac8c81380030d9a7159c8aa37f969045005180cc342a2c1c4f849ab7c
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8011A071205671BAD7285A668C49EF7BEBCFB227A4F00462AB58993180D6749844D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 005834AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005834BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 5b13165f321ca0e47aed512b2819edc3e5d64a5251fe6d9a7a9ed5674e694166
• Instruction ID: f59328153d4eb4174d74847268e685c14d94d997500e4c4c1635296598bfc4a3
• Opcode Fuzzy Hash: 5b13165f321ca0e47aed512b2819edc3e5d64a5251fe6d9a7a9ed5674e694166
• Instruction Fuzzy Hash: 61119D71100108AEEF11AE64DC48ABA3F6AFF15B78F504724FD61A71E0C771DC559760
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00556CB6
• _wcslen.LIBCMT ref: 00556CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 154659541e583729033f9c3c1d3df295d184dc376f277bfb93d1196eee62450a
• Instruction ID: e48f0b0ac649dbdae20fc981c5363346e228f11d037421913ccf36af14568f6e
• Opcode Fuzzy Hash: 154659541e583729033f9c3c1d3df295d184dc376f277bfb93d1196eee62450a
• Instruction Fuzzy Hash: 6D0108326005678ACB119FBDCCA19BF7BB4FA60715780092AEC5297190FB31DC08C650
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
  • Part of subcall function 00553CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00553CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00551D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 463886c6f1cc0ad7bc58d93059315a012e755adaf0b2e1724b095fb8c7ebc7e6
• Instruction ID: f84c5e5b94cb01e71af3bc3a18ceca0b593c2ec688fac6b5af375d368b24260f
• Opcode Fuzzy Hash: 463886c6f1cc0ad7bc58d93059315a012e755adaf0b2e1724b095fb8c7ebc7e6
• Instruction Fuzzy Hash: D001B571611618AB8B08EFA5CC65AFE7F78FF56390B04091BEC22672C1EA355D0C8664
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
  • Part of subcall function 00553CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00553CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00551C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: c91c6582c1163672c8bfb5bb9975baec53fc164358632a93020618dd27a86062
• Instruction ID: a2c9594f8364310281dfd9883073b44dd90a3d0c7814019f1146e167c35b14fe
• Opcode Fuzzy Hash: c91c6582c1163672c8bfb5bb9975baec53fc164358632a93020618dd27a86062
• Instruction Fuzzy Hash: 9F01A77569110866CB08EB91C965BFF7FA8BF51381F14041BED0677281EA259E0CC6B9
APIs
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
  • Part of subcall function 00553CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00553CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00551CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 34542732ffdf0e5e710933282622ba050ba02fd787766a84e7945b932a4112e4
• Instruction ID: e177e3da5119a85eb6a391187262b82e645a7bc31d6357b682d8d8ffcf818498
• Opcode Fuzzy Hash: 34542732ffdf0e5e710933282622ba050ba02fd787766a84e7945b932a4112e4
• Instruction Fuzzy Hash: 9401DB7164015867CB04EB95CA22BFE7FA8BF113C1F14001BBD0677281EA259F0CC675
APIs
• __Init_thread_footer.LIBCMT ref: 0050A529
  • Part of subcall function 004F9CB3: _wcslen.LIBCMT ref: 004F9CBD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%\$3yT
• API String ID: 2551934079-2759134763
• Opcode ID: d235c8c9a18791860a0c29b46845215c7c2dfa1bfa602a755881ecd1e665f45c
• Instruction ID: 3c4369859dc386994e60d4337c3cc3d83e101e5f4859eaefecfdc7d99b9ad981
• Opcode Fuzzy Hash: d235c8c9a18791860a0c29b46845215c7c2dfa1bfa602a755881ecd1e665f45c
• Instruction Fuzzy Hash: 9B01F2326007159BCE00F7A9DC1BFAE3F54BB85710F400429F6125B1C2EEA4AD858A9B
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,005C3018,005C305C), ref: 005881BF
• CloseHandle.KERNEL32 ref: 005881D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0\
• API String ID: 3712363035-662447594
• Opcode ID: 62cb9a56d12edaa5c69d8e7bdd6dadc38c0d685879be1670a06f8f33e6798f24
• Instruction ID: 5dc3bd197dc357535608f8480139db37f596067fd49df05888e219a6c0846de8
• Opcode Fuzzy Hash: 62cb9a56d12edaa5c69d8e7bdd6dadc38c0d685879be1670a06f8f33e6798f24
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8F030B2640708BEE3106761AC4DFB77E5CFB14750F008425BA08F51A1D6758E54A3B8
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                      • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3590c55970e2ebb726816eb2f34fd154e08e70942f7fcc4e4930f997049638de
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: efa70a690d78d01186a6d50e2a27398acd78656056fe8f6cfafb9410f6e337aa
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3590c55970e2ebb726816eb2f34fd154e08e70942f7fcc4e4930f997049638de
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FE02B0220432510A731127ABCC99BF5ECAFFCD750714282BF989C2276EA948DD1A3A0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00550B23
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b8cc4aae45c14c26c09994e2fe59ac2a74da2f12b11b459dc827cd1e4dd963f1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6ab239edba5e3e0344ac29727b343432d2c9ad2b97a804f4e76d45f989d10075
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8cc4aae45c14c26c09994e2fe59ac2a74da2f12b11b459dc827cd1e4dd963f1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98E0923224430926D22437547C07F8D7E88AB05B25F10046AFB58A94C38AE1249047A9
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0050F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00510D71,?,?,?,004F100A), ref: 0050F7CE
                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,004F100A), ref: 00510D75
                                                                                                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,004F100A), ref: 00510D84
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00510D7F
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6c6d4bc2f11edd6899f1a6e6c6a42539766a6049ca7e433c9fd6fe347594b770
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2461302750dc65607c6bc088f8c8eef0b998045223e2a437e6d44d8a2f196417
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c6d4bc2f11edd6899f1a6e6c6a42539766a6049ca7e433c9fd6fe347594b770
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64E065742007418FE770AF78E4087467FE4BB14744F00492DE882D6691DBF4E4889BA1
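The IsDebuggerPresent call in the record above sits directly in front of an OutputDebugStringW of ATL's "Unable to initialize critical section in CAtlBaseModule" message, i.e. it is the ATL runtime's own CAtlBaseModule constructor (statically linked into compiled AutoIt executables), not a check written by the sample's author. The same goes for the MessageBoxW with an "AutoIt" caption, which is the interpreter's out-of-memory dialog. The following is an added example, not Joe Sandbox code and not part of this report, showing how a triage script can parse the APIs bullets in these function records and separate that kind of runtime boilerplate from a bare IsDebuggerPresent that does warrant a look. The record labels, the `triage_record` rules and the bare-IsDebuggerPresent record at the end are assumptions made for illustration; the other records are copied from the listings on this page.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One "APIs" bullet from a Joe Sandbox function record. Three shapes occur on
# this page:
#   IsDebuggerPresent.KERNEL32(?,?,?,004F100A), ref: 00510D75
#   Part of subcall function 0050F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(...), ref: 0050F7CE
#   __Init_thread_footer.LIBCMT ref: 0050E3D5          (no argument list)
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: str               # raw argument text; the report does not quote string
                            # arguments, so splitting on commas would be lossy
    ref: int                # call-site address
    subcall: Optional[int]  # callee address when the call sits in a subroutine


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one APIs bullet; returns None for lines that are not API calls."""
    m = API_LINE.match(line)
    if m is None:
        return None
    return ApiCall(
        api=m["api"],
        module=m["mod"],
        args=m["args"] or "",
        ref=int(m["ref"], 16),
        subcall=int(m["sub"], 16) if m["sub"] else None,
    )


def triage_record(api_lines: list[str]) -> str:
    """Classify one function record by the API calls it lists (hypothetical labels)."""
    calls = [c for c in map(parse_api_line, api_lines) if c is not None]
    apis = {c.api for c in calls}
    # ATL's CAtlBaseModule constructor emits its "Unable to initialize critical
    # section" message under an IsDebuggerPresent guard, so IsDebuggerPresent
    # next to that string is library code, not a sample-specific check.
    atl_message = any(
        c.api.startswith("OutputDebugString") and "CAtlBaseModule" in c.args
        for c in calls
    )
    if "IsDebuggerPresent" in apis and atl_message:
        return "atl-runtime-boilerplate"
    if "IsDebuggerPresent" in apis:
        return "review-anti-debug"
    # The AutoIt interpreter's own out-of-memory dialog, captioned "AutoIt".
    if "MessageBoxW" in apis and any("AutoIt" in c.args for c in calls):
        return "autoit-runtime"
    return "no-verdict"


# Records copied from the function listings on this page (constructed test input).
ATL_RECORD = [
    "  • Part of subcall function 0050F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00510D71,?,?,?,004F100A), ref: 0050F7CE",
    "• IsDebuggerPresent.KERNEL32(?,?,?,004F100A), ref: 00510D75",
    "• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,004F100A), ref: 00510D84",
]
AUTOIT_RECORD = [
    "• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00550B23",
]
CRT_RECORD = ["• __Init_thread_footer.LIBCMT ref: 0050E3D5"]
# Hypothetical record with a bare IsDebuggerPresent: the case that needs review.
BARE_ISDEBUGGER = ["• IsDebuggerPresent.KERNEL32, ref: 00401000"]


if __name__ == "__main__":
    for name, rec in [("ATL", ATL_RECORD), ("AutoIt", AUTOIT_RECORD),
                      ("CRT", CRT_RECORD), ("bare", BARE_ISDEBUGGER)]:
        print(f"{name}: {triage_record(rec)}")
```

Run it over the APIs bullets of each function record and only the records labelled review-anti-debug need manual inspection; the Similarity block's "API ID" line (here CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString) can be used the same way to pre-filter records before parsing their bullets.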
APIs
• __Init_thread_footer.LIBCMT ref: 0050E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
• Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%\$8%\
• API String ID: 1385522511-277581082
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 790d7454e5f03e98299a7e1b55bac24f8f853a2543fd60f550021f64ca8eab08
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ba2416d64fe91b41494c16700d1218277272ab8296731676201542b59ca09e84
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 790d7454e5f03e98299a7e1b55bac24f8f853a2543fd60f550021f64ca8eab08
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8AE02631404D20CFC6049718F85AECE3F91BB45320F203D68E1128F1D1DF7478859644
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0056302F
                                                                                                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00563044
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                      • String ID: aut
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 123d521eab734f5ca2a653b9bed6057fac80e933b0b74117f3acdbb3a4b2aff1
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 46b05349ca85abcd6b4745d68cfd3a039e29eb5952be1453854022fe51de76ac
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 123d521eab734f5ca2a653b9bed6057fac80e933b0b74117f3acdbb3a4b2aff1
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AD05B7550031467DA2097949C0DFD73E6CD704750F0001917A96E20D1DAB49544CBE0
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0058236C
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 00582373
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055E97B: Sleep.KERNEL32 ref: 0055E9F3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 10f3bd5274c64cde33aff009345d24851fec9187ef38dce4446ff450929ac731
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: abca23787ce40f887fa50fb85e0a9c40063b110be26e3d34a90202d0cdfa2fcd
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10f3bd5274c64cde33aff009345d24851fec9187ef38dce4446ff450929ac731
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32D0A9323803007AE668A3309C0FFC66E14AB11B00F0009127A41AA0D0C8B0B8098B24
                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0058232C
                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0058233F
                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0055E97B: Sleep.KERNEL32 ref: 0055E9F3
                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2162323797.00000000004F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004F0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162198491.00000000004F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.000000000058C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162571432.00000000005B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162735314.00000000005BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2162781827.00000000005C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2276732abcba263d1885a26e6bf03a0bbf2627eea1ab245009b15cc5a56c511d
                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 85773e182ff09d8d74fc8d2eb6975a92b27b576463555353a0b0caeabcd8aaa7
                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2276732abcba263d1885a26e6bf03a0bbf2627eea1ab245009b15cc5a56c511d
                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6D0A932380300B6E668A3309C1FFC66E14AB10B00F0009127A45AA0D0C8B0A8098B20